Since long time the policy which blocked Facebook subdomain for the chat and Messenger request application.

It worked, but at some point users could send chats/messenger with no block on the policy.

Cloud SWG UPE mode

After taking har file it was clear that the chat/messenger is using websockets now. So simply blocking domain and request application was not enough anymore.

The following policy was tested and confirmed it was working:

condition="Facebook_Messenger" FORCE_DENY access_server(no)
    
    define condition "Facebook_Messenger"
        url.domain=facebook.com http.websocket=yes
        request.application.name="Messenger"
        request.application.operation="Send Email"
    end condition "Facebook_Messenger"