Follow these steps to resolve the issue.
- Install the following CPL via local policy:
<Proxy>
DENY condition=qq_deny
define condition qq_deny
url.address=112.90.0.0/16
url.address=203.205.0.0/16
url.address=123.151.0.0/16
url.address=183.60.0.0/16
url.address=112.95.0.0/16
url.address=119.147.0.0/16
url.address=111.161.0.0/16
url.regex="tencent.com"
url.regex="qq.com"
end condition qq_deny
- As the range of IP addresses is huge, some might belong to QQ chat, and some might be belong to other web sites. Hence, in order to trace them correctly or shorten the whole range of IP addresses, you could run a policy trace to identify the exact IP address. Make sure you only run QQ chat instant messaging when you perform this. No other programs or applications should be running. Follow these steps to enable a policy trace for a single client machine.
- Open VPM, select Policy, and create a new Web Access layer. This new Web Access layer will have just one rule in it.
- On Source, right click and select Set > New. Select Client IP address/Subnet. This is the client machine that runs the QQ chat program
- Enter the IP address of the client you are running the test from. There is no need to enter a subnet.
- Select Add, and then close. On the Set Source Object window, select this Client IP, then OK.
- Change the Action to None. Right click on Allow Action, and choose Delete.
- Edit the Track tab. Right click on None under Track, and select Set > New > Trace.
- Select the Trace Level selection and Verbose tracing. Select Trace File, and give it a name. Then click OK.
- Install the policy
- View the result of policy trace once you had run the QQ chat.Go to the ProxySG appliance management console at https:\\Proxy_IP\Policy. Click and view it with Windows Notepad. From the policy trace results you can check to see which IP address is denied.
Please note that to keep blocking the QQ chat is an ongoing tasks due to the nature of the application design and works