How to block Facebook chat and email features on Cisco Web Security appliance?
PDF(6.5 KB) View with Adobe Reader on a variety of devices
Updated:August 13, 2014
How to block Facebook.com chat and email features?
Environment: Cisco Web Security appliance (WSA) any AsyncOS versions
On AsyncOS version 7.1 & above with AVC enabled
On 7.1 version, WSA introduced a new feature named 'Application Visibility Controls' (AVC) which provides the ability to automatically detect applications like Facebook. AVC feature requires a license key for "Cisco Web Usage Controls" and it can be enabled under GUI > Security Services > Acceptable Use Controls
When AVC is enabled, we can use AVC to block the specific features on 'Facebook' like Facebook Messages and Chat, Facebook Games etc. AVC also provides the ability to detect and control many other applications like ITunes, Google+ etc.
Block Facebook "Chat" feature using AVC
Navigate to GUI > Web Security Manager > Access Policies
For any specific access policy or 'Global Policy', click on the link under "Applications" column
Under 'Edit Application settings', click on the "+" sign next to 'Facebook' to view all available options
Configure "Facebook Messages and Chat" to 'Block'
If you would like to only block video chat, then choose 'Monitor' and then check 'Block Video Chat' option
On all AsyncOS versions or with version 7.1 & above with AVC disabled
If the AVC feature is not available, then we can also block the chat and email features on facebook by matching specific URLs.
Type in "facebook.*gigaboxx" on the Regular Expression window
Navigate to Security Manager -> Access Policies page
Click the link in the policies table under the 'URL Categories' column for the concerned access policy you want to edit.
In the Custom URL Category Filtering section, choose the action "Block"
Submit and commit your changes.
The configuration steps in the second method are not dynamic and hence, if the websites/URLs used by Facebook change, then we would need to modify the configuration to block the Chat and Messages features
On the other hand, AVC feature updates its signatures periodically to ensure that the applications are detected properly. Hence, we recommend using AVC to block Facebook chat and messages instead of the second method.