+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 33
Internet Related/Filtering/Firewall Thread, Snapchat in Technical; Originally Posted by BDoyle Even though blocking the URLs noted above (feelinsonice...) is supposed to work it doesn't as there ...
  1. #16

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by BDoyle View Post
    Even though blocking the URLs noted above (feelinsonice...) is supposed to work it doesn't as there is some sort of logic where Snapchat is using any SSL path on appspot.com to get by content filters. How to solve it? Block appspot.com entirely. Might break other things but it is easier to whitelist individual URLs than deal with Google's desire to bypass filters worldwide. Not allowing simple blocking of Apps for businesses or educational environments is unacceptable Google. Very close to blocking all Google sites if this keeps up.
    This solution doesn't work so well if you are using Google Apps for your school. It wasn't my choice to use Google Apps mind you (and I would block all of Google.com if I could), but if I do something to foul it up it will be my neck in a noose not Google's.

    EDIT: Yep, Wordle and dozens of other sites come up when I check my logs that use "appspot.com" domain and that's just from the past week. If I blocked appspot.com there would be a firestorm of grief we would get from the teachers and students.

    Anyone else have a less destructive method of blocking Snapchat? I can do it for Android devices, but not iOS.
    Last edited by seawolf; 21st February 2014 at 01:35 AM.

  2. #17

    Join Date
    Feb 2014
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Our school is not using Google Apps across the board but we are using it. It did take some time to whitelist the specific Apps that were needed for school but our content filter was quick to identify those "?.appspot.com" sites. So you wouldn't want to start on a Monday and wait for the phone calls of anger and frustration. The firestorm is short lived unless there is an expectation that students and teachers need the freedom to download and use at will. Then it is not worth the pain.

    There seems to be a growing trend of App Developers to find ways to bypass content filters. My favorite so far is the use of content delivery networks by video streaming companies. Take Amazon Video for instance. Yes, you can block the URL for them but they farm out their App streaming to a content delivery network that has nothing to do with their video URL. *grumble*

    Another thing to check would be your wireless APs and Layer 7 rules (if they have that capability). See if they have instant messenger or social networking options where Snapchat might fall under.

    I know it has been requested of Apple to include a future "feature" that would allow for whitelist and blacklist of iOS Apps through third party MDMs. But that doesn't help the here and now.

  3. #18

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    Was there any resolve to this? It's running rampant here

  4. #19
    stevenkellett's Avatar
    Join Date
    Nov 2011
    Location
    Lancashire
    Posts
    31
    Thank Post
    1
    Thanked 2 Times in 2 Posts
    Rep Power
    6
    Hi,

    Our LEA have just moved over to a new filtering system (lightspeed) & we found snapchat had been blocked with this.

  5. Thanks to stevenkellett from:

    caffrey (20th May 2014)

  6. #20

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    Cheers, I'm looking at lightspeed appliances at the mo, has anyone got any way of blocking this on a smoothwall ?

  7. #21
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    472
    Thank Post
    31
    Thanked 152 Times in 129 Posts
    Rep Power
    47
    Quote Originally Posted by caffrey View Post
    Cheers, I'm looking at lightspeed appliances at the mo, has anyone got any way of blocking this on a smoothwall ?
    Are they installing and using this on school equipment? If so there's a case for some kind of Mobile Device Management.
    Decrypt and inspect breaks most apps unless you make specific allowances for them.
    Also make sure you're blocking Social Networking Sites and / or Instant Messaging sites.

  8. #22

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    It's BYOD, all the social media options are ticked, hopefully when we go 1:1 we can properly monitor devices.

  9. #23
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    472
    Thank Post
    31
    Thanked 152 Times in 129 Posts
    Rep Power
    47
    Quote Originally Posted by caffrey View Post
    It's BYOD, all the social media options are ticked, hopefully when we go 1:1 we can properly monitor devices.
    Does that include mobile phones?

  10. #24

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    iPhones / android and iPads

  11. #25
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    472
    Thank Post
    31
    Thanked 152 Times in 129 Posts
    Rep Power
    47
    The iPads shouldn't work unless they're the 3G versions. If you're having trouble with those over WiFi we can look deeper.
    The phones will just fall back to 3G, there's not much anyone can do about that I'm afraid.

  12. #26

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    3g shouldn't be a problem as mobile phone reception is so poor here but you're right I can't stop that.
    The site is blocked as it should be with the right category, it's the app that still works - I'll play about with it today

    update, app isn't working now (has something changed recently?) but it still works of course with a personal VPN like onavo
    Last edited by caffrey; 22nd May 2014 at 09:06 AM.

  13. #27
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    472
    Thank Post
    31
    Thanked 152 Times in 129 Posts
    Rep Power
    47
    Quote Originally Posted by caffrey View Post
    3g shouldn't be a problem as mobile phone reception is so poor here but you're right I can't stop that.
    The site is blocked as it should be with the right category, it's the app that still works - I'll play about with it today

    update, app isn't working now (has something changed recently?) but it still works of course with a personal VPN like onavo
    That's down to firewall policy. Close ports you don't need, that's your best bet.

  14. #28

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    Yes but the vpn apps can port hop I believe, so if I open any they will just use that ?

  15. #29
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    472
    Thank Post
    31
    Thanked 152 Times in 129 Posts
    Rep Power
    47
    Quote Originally Posted by caffrey View Post
    Yes but the vpn apps can port hop I believe, so if I open any they will just use that ?
    They do, but mainly on high ports.
    If you've got services that use high ports you can restrict those ports to specific IPs or ranges.
    PM me some examples of the apps you've seen if you want to. We'll have a look into onavo but generally take a 'broad strokes' approach to specific apps, and improving firewall policy is usually the first port of call.

  16. #30

    Join Date
    May 2010
    Posts
    1,016
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    I don't have a definitive list of apps that are being used as I get no reports from the field except for reports that the students are using VPNs, so instead of enforcing the AUP they come to the fun police (us) to sort it out And of course I'm totally blind to this traffic.

    We can't use the MDM to list apps as they are BYOD and have no profiles installed, the iPads we do have MDM on and allow users to install apps, you can list those apps but you can only remove apps that were installed by the MDM (not the end user - which is another annoyance...)

    I'll play around with ports over half term as its a bad time of year to be messing with filtering.

    Lightspeed isn't a firewall - how is it they can block applications ?
    Last edited by caffrey; 23rd May 2014 at 07:04 AM.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •