Cisco Cisco Web Security Appliance S670 Fehlerbehebungsanleitung

Contributed by Josh Wolfer and Siddharth Rajpathak, Cisco TAC
Engineers.

Aug 05, 2014

Question:
     Environment:

How to block Instant Messaging (IM) traffic or IM chat on Cisco Web Security appliance?

Cisco Web Security appliance (WSA) running AsyncOS version 7.1.x and above

Note: This Knowledge Base article references software which is not maintained or supported by Cisco.  The
information is provided as a courtesy for your convenience. For further assistance, please contact the software
vendor.

Instant Messaing (IM) traffic over HTTP can be blocked today in the following ways:

Block by defining custom user agents used by the IM applications.

• 

Block with the "Chat and Instant Messaging" predefined URL category, or with a custom category
containing IM servers (GUI > Web Security Manager > Access Policies > URL Filtering)

• 

Block the required IM applications under "Instant Messaging" AVC application type (GUI > Web
Security Manager > Access Policies > Applications)

• 

Block ports that IM applications use to tunnel through proxies with the HTTP CONNECT method.

• 

Manually add IM servers into the L4 Traffic Monitor black list to block access to popular IM
destinations irrespective of the port.

• 

Under GUI > Web Security Manager > Access Policies click on objects

1. 

Specify the following under Block Custom MIME Types: application/x−msn−messenger

2. 

Create a custom category in Web Security Manager > Custom URL Categories

1. 

Specify the following under Sites: pager.yahoo.com, shttp.msg.yahoo.com,
update.messenger.yahoo.com, update.pager.yahoo.com

2. 

Set this custom category to Block.

3.