Block access to mobile Snapchat on EdgeSWG/ProxySG
search cancel

Block access to mobile Snapchat on EdgeSWG/ProxySG

book

Article ID: 274648

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ASG-S200 ASG-S400 ASG-S500

Issue/Introduction

Snapchat is still accessible on mobile devices after blocking the category Chat/IMS and Social Networking on customer's Policy

Environment

  • Release : 7.3.15.2
  • Product: ISG Proxy
  • Default Policy action: ALLOW

Cause

Snapchat application is distributed over many AWS sub-networks which change over time

The best approach would be to check on the Policy Trace and Wireshark trace what IPs are still allowed 

Resolution

Please install additional CPL code to the CPL layer in your VPM (use DENY or FORCE_DENY)

 

; ################# SNAPCHAT BLOCK START #################

; DENY ACCESS

<proxy>

condition=SnapchatBLOCK DENY

; ENABLE SSL INTERCEPTION TO BLOCK ANY SUBDOMAINS

<ssl-intercept>

condition=SnapchatBLOCK ssl.forward_proxy(yes)

; DISABLE PROTOCOL DETECTION

<proxy>

condition=SnapchatBLOCK detect_protocol(none)

define condition SnapchatBLOCK

url.domain=feelinsonice-hrd.appspot.com

url.domain=feelinsonice-hard.appspot.com

url.domain=snapchat.com

url.domain=sc-cdn.net

url.domain=snapchat.appspot.com

url.domain=sc-analytics.appspot.com

url.domain=feelinsonice.com

url.domain=feelinsonice.l.google.com

url.domain=data.flurry.com

url.domain=appspot.l.google.co

url.domain=addlive.io

url.domain=sc-corp.net

url.domain=sc-gw.com

url.domain=sc-jpl.com

url.domain=sc-prod.net

url.domain=sc-static.net

url.domain=snapads.com

url.domain=snap-dev.net

url.domain=snapkit.com

url.domain=snapmap.com

url.domain=snapmap.org

url.domain=snapmaps.com

url.domain=snap-storage-cdn.l.google.com

url.address=104.193.184.0/24

url.address=104.193.185.0/24

url.address=204.154.248.0/24

url.address=204.154.250.0/24

url.address=35.190.43.134/32

url.address=34.98.105.85/32

url.address=44.202.21.12/32

url.address=35.190.22.22/32

url.address=35.241.16.93/32

; AWS API sub ranges

url.address=3.251.220.0/24

url.domain=aws.api.snapchat.com

end condition SnapchatBLOCK

; ################# SNAPCHAT BLOCK END #################

Additional Information

Developer of the Snapchat has not shared publicly all the IP ranges for the application

 

The IP addresses and urls were gathered from:

Powered by Wolken Software