It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Skype blocking via HTTP-Proxy

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00005162 
 
Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

The Skype client is able to connect successfully to the Skype network even if the client only has access to the Internet through an HTTP/HTTPS proxy server. Customers want to block skype connections, but the URL filter does not offer such an option.


 
Solution:

Skype establishes HTTPS sessions directly to destination IP adresses, this is a rather unusual behaviour since most applications are addressing their destination for HTTPS sessions by their hostname.

The HTTP-proxy is able to filter HTTPS request that do have an IP address as destination. To make the proxy do so, you have to add the following lines to your HTTP proxy advanced configuration:

 

  # Prevent Skype connecting HTTPs using CONNECT requests to IP addresses 

  acl CONNECT method CONNECT
  acl NUMERIC-IPS url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  http_access deny CONNECT NUMERIC-IPS all  

 

  # Prevent Skype connecting http
  acl SKYPE-UA browser Skype
  http_access deny SKYPE-UA

 

  # Prevent anyone to download anything from skype website
  acl SKYPE-DOMAIN dstdomain skype.com
  http_access deny SKYPE-DOMAIN

 

 

Note:
These additions cause the HTTP proxy server to block all HTTPS requests that have an IP address as their destination. This may have negative effects on other applications that are setting up HTTPS connections via the proxy server.

 

 

Link to This Page:
https://campus.barracuda.com/solution/50160000000IKZHAA4