- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-02-2022 11:42 AM
Hello,
I'm trying to work on a request to totally block Spotify on our network for 1 host (could be more in the future) and I thought App-ID would be the best option for this but since it depends on SSL and web browsing it's dropping all traffic when I add those dependencies; which I figured it would.
When I just have Spotify in the application section of the pre rule I do see some Spotify app-ID blocked but I'm still getting access to Spotify, which I'm assuming is because it's using SSL and that is allowed.
Has anyone accomplished this before and could maybe give me a few pointers?
Thank you
05-02-2022 01:17 PM
I think (but not 100% sure) the spotify AppID will just identify the Spotify application/streaming audio, not general website traffic to Spotify. For that web traffic you will probably need to build a URL filter object:
Objects -> Custom Objects -> URL Category
[spotify]
spotify.com/
*.spotify.com/
spotifycdn.com/
*.spotifycdn.com/
sptfy.com/
*.sptfy.com/
<...etc...>
Policies -> Security
[block-user-from-spotify]
Srczone=Trust
Srcuser=badboy
Dstzone=Untrust
URL Category=[spotify]
Action=Deny
Or put the URL Category in your URL Filtering group with an appropriate Site Access setting. Effectiveness will depend on if you are fully decrypting SSL traffic or not. If you are pointing clients at a PA DNS proxy you could also setup a static entry with a dead IP.
05-02-2022 01:43 PM
Well the Custom URL somewhat did the trick. I can't get the actual player to come up so that helps somewhat. I guess I have to figure out all the other URLs Spotify could be using but not really sure how to accomplish that.
@Adrian_Jensen thank you
05-02-2022 01:50 PM
Knowing all the domains takes a bit of guess work and luck, no real foolproof way to do it. But once you have blocked a few of the major domains, it usually is rendered inaccessible. You can search security sites for them:
https://www.netify.ai/resources/applications/spotify
https://www.google.com/search?q=spotify+domains|urls
Though take it with a grain of salt... some of the listed domains, like pscnd.co, are CDNs that serve many different websites.
05-05-2022 06:29 AM
Yeah this is a tough one due to the fact the actual spotify.com page uses https(443) so I can't really block that without breaking pretty much all internet access. I may just have to go with the player being broken as the "fix" for me issue. At least the user can't play music which is the whole purpose of going to spotify
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!