App-ID confusion and blocking spotify


L1 Bithead

Hello, 

I'm trying to work on a request to totally block Spotify on our network for 1 host (could be more in the future), and I thought App-ID would be the best option for this, but since it depends on SSL and web browsing, it's dropping all traffic when I add those dependencies, which I figured it would.

When I just have Spotify in the application section of the pre-rule, I do see some Spotify App-ID blocked, but I'm still getting access to Spotify, which I'm assuming is because it's using SSL and that is allowed.

Has anyone accomplished this before and could maybe give me a few pointers? 

 

Thank you

4 REPLIES 4

L4 Transporter

I think (but I'm not 100% sure) the Spotify App-ID will just identify the Spotify application/streaming audio, not general website traffic to Spotify. For that web traffic you will probably need to build a URL filter object:

Objects -> Custom Objects -> URL Category

    [spotify]
        spotify.com/
        *.spotify.com/
        spotifycdn.com/
        *.spotifycdn.com/
        sptfy.com/
        *.sptfy.com/
        <...etc...>

Policies -> Security

    [block-user-from-spotify]
        Srczone=Trust
        Srcuser=badboy
        Dstzone=Untrust
        URL Category=[spotify]
        Action=Deny

 

Or put the URL Category in your URL Filtering group with an appropriate Site Access setting. Effectiveness will depend on whether you are fully decrypting SSL traffic or not. If you are pointing clients at a PA DNS proxy, you could also set up a static entry with a dead IP.

L1 Bithead

Well, the custom URL somewhat did the trick. I can't get the actual player to come up, so that helps somewhat. I guess I have to figure out all the other URLs Spotify could be using, but I'm not really sure how to accomplish that.

 

@Adrian_Jensen  thank you 

 

L4 Transporter

Knowing all the domains takes a bit of guesswork and luck; there's no real foolproof way to do it. But once you have blocked a few of the major domains, it is usually rendered inaccessible. You can search security sites for them:

    https://www.netify.ai/resources/applications/spotify

    https://community.spotify.com/t5/Desktop-Windows/Desktop-App-Domain-Needed-for-Whitelist/td-p/488254...

    https://www.google.com/search?q=spotify+domains|urls

Though take it with a grain of salt... some of the listed domains, like pscnd.co, are CDNs that serve many different websites.
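An added example, not part of any reply in this thread: a small script that checks hostnames seen in traffic logs against the custom URL category entries listed earlier, so gaps in the list show up before policy is changed. The matching rule is a simplified assumption (a leading `*` stands for one or more labels, the trailing `/` ends the host), not the firewall's own engine; the function names and the sample hostnames are constructed for illustration.

```python
# Added example: simplified model of custom URL category host matching.
# Assumption: "*" = one or more dot-separated labels; the trailing "/"
# ends the host part. This is not the firewall's matching engine.

CATEGORY = [  # entries from the [spotify] custom URL category above
    "spotify.com/", "*.spotify.com/",
    "spotifycdn.com/", "*.spotifycdn.com/",
    "sptfy.com/", "*.sptfy.com/",
]

def entry_matches(entry, host):
    """Return True if a hostname is covered by one category entry."""
    pattern = entry.rstrip("/").lower().split(".")
    labels = host.rstrip(".").lower().split(".")
    if pattern[0] == "*":
        suffix = pattern[1:]
        # The wildcard needs at least one label in front of the suffix,
        # so "*.spotify.com/" does not cover the bare "spotify.com".
        return len(labels) > len(suffix) and labels[-len(suffix):] == suffix
    return labels == pattern

def coverage(hosts, category=CATEGORY):
    """Split hostnames into {host: matching entry} and a list of misses."""
    covered, missed = {}, []
    for host in hosts:
        hit = next((e for e in category if entry_matches(e, host)), None)
        if hit:
            covered[host] = hit
        else:
            missed.append(host)
    return covered, missed

# Constructed sample hostnames, standing in for a traffic-log export.
OBSERVED = [
    "spotify.com",
    "www.spotify.com",
    "a.b.spotifycdn.com",
    "spotify.com.example.net",  # look-alike: must not match
    "notspotify.com",           # shares a suffix string only
    "cdn.pscnd.co",             # shared CDN named in the reply above
]

if __name__ == "__main__":
    covered, missed = coverage(OBSERVED)
    for host, entry in covered.items():
        print(f"covered  {host:28} by {entry}")
    for host in missed:
        print(f"missed   {host}")
```

Hostnames reported as missed are candidates to review by hand; a shared CDN such as pscnd.co should not be added without checking what else it serves.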

L1 Bithead

Yeah, this is a tough one due to the fact the actual spotify.com page uses https (443), so I can't really block that without breaking pretty much all internet access. I may just have to go with the player being broken as the "fix" for my issue. At least the user can't play music, which is the whole purpose of going to Spotify.
