SSL interception: This is a prerequisite and essential for controlling Facebook traffic as it is almost exclusively served in HTTPS.
Policy to be implemented:
Here is some sample policy which according to testing allows Facebook at work for your Facebook at Work page (e.g. company.facebook.com), but blocks other facebook.com requests:
1) Using CPL policy:
<proxy>
ALLOW condition=fbatwork
DENY url.domain=facebook.com
define condition fbatwork
url.domain=fbcdn.net
url.domain=company.facebook.com (where company is your company name)
url.host.regex=chat.facebook.com
end
For details about how to install CPL, have a look at this KB article:
How do I add CPL to a local policy file on the ProxySG?
2) Using VPM:
a) Create a new Web Access layer
b) Create a first rule: Source: Any (or a user or group, as you wish) Destination: New > Combined Destination Object > New URL and then add each of these URLs, one at a time:
fbcdn.net
company.facebook.com
chat.facebook.com
With this policy, you should be able to open company.facebook.com but you will be denied opening facebook.com