How to block Facebook chat and email features on Cisco Web Security appliance?

Available Languages

Updated:August 13, 2014
Document ID:118285

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question:

How to block Facebook.com chat and email features?

Environment: Cisco Web Security appliance (WSA) any AsyncOS versions

On AsyncOS version 7.1 & above with AVC enabled

On 7.1 version, WSA introduced a new feature named 'Application Visibility Controls' (AVC) which provides the ability to automatically detect applications like Facebook. AVC feature requires a license key for "Cisco Web Usage Controls" and it can be enabled under GUI > Security Services > Acceptable Use Controls

When AVC is enabled, we can use AVC to block the specific features on 'Facebook' like Facebook Messages and Chat, Facebook Games etc. AVC also provides the ability to detect and control many other applications like ITunes, Google+ etc.

 Block Facebook "Chat" feature using AVC
  1.  Navigate to GUI > Web Security Manager > Access Policies
  2.  For any specific access policy or 'Global Policy', click on the link under "Applications" column
  3.  Under 'Edit Application settings', click on the "+" sign next to 'Facebook' to view all available options
  4.  Configure "Facebook Messages and Chat" to 'Block'
  5.  If you would like to only block video chat, then choose 'Monitor' and then check 'Block Video Chat' option

On all AsyncOS versions or with version 7.1 & above with AVC disabled

If the AVC feature is not available, then we can also block the chat and email features on facebook by matching specific URLs.

 Block Facebook.com "chat" feature
  1.  Navigate to Security Manager -> Custom URL Categories -> Add Custom Category
  2.  Fill out "Category Name" and click on "Advanced"
  3.  Type in "facebook.*chat" on the 'Regular Expression' window
  4.  Navigate to Security Manager -> Access Policies page
  5.  Click the link in the policies table under the 'URL Categories' column for the concerned access policy you want to edit.
  6.  In the 'Custom URL Category Filtering' section, choose the action "Block"
  7.  Submit and commit your changes.

 Block Facebook.com "Messages" feature
  1.  Navigate to Security Manager > Custom URL Categories > Add Custom Category
  2.  Fill out "Category Name" and click on "Advanced"
  3.  Type in "facebook.*gigaboxx" on the Regular Expression window
  4.  Navigate to Security Manager -> Access Policies page
  5.  Click the link in the policies table under the 'URL Categories' column for the concerned access policy you want to edit.
  6.  In the Custom URL Category Filtering section, choose the action "Block"
  7.  Submit and commit your changes.


Note:

The configuration steps in the second method are not dynamic and hence, if the websites/URLs used by Facebook change, then we would need to modify the configuration to block the Chat and Messages features

On the other hand, AVC feature updates its signatures periodically to ensure that the applications are detected properly. Hence, we recommend using AVC to block Facebook chat and messages instead of the second method.

Revision History

Revision Publish Date Comments
1.0
13-Aug-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Marcus Schmitt and Siddharth Rajpathak
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products