Blocking Spotify on Cisco PIX ASA

[emalbon]

Hi All,

I'm a complete noob with Cisco routers and I am hoping to find a way to block Spotify from our company firewall. Our bandwidth has been suffering severely over the last month and we have our suspicions this is the reason.

Device is Cisco ADSM 5.2
ASA Version 7.2

I am aware of the following :
-Spotify own a range of addresses (all of 78.31.8.0/22)
-Spotify tries to connect on port 4070. If that is blocked, it will then try port 443, if that's blocked, then port 80
-Spotify can use a proxy, so you need to block socks and https access to the ap.spotify.com address

Can anyone point me in the right direction for what I need to do here? Bear in mind I may need to be spoon fed commands here. I'm not even sure if this is possible, as surely we can't block ports 80 and 443?

Feel free to ask any more information!

[Dumber]

Moved to Cisco Security.

[Daze]

Ok, here is an example:

Code:

PIX#
PIX#conf t
PIX(config)# access-list Deny-Spotify extended deny ip any 78.31.8.0 255.255.252.0
PIX(config)# access-list Deny-Spotify extended permit ip any any
PIX(config)# access-group Deny-Spotify out interface inside
PIX(config)#

That access-list will block ip range (78.31.8.0 - 78.31.11.255)

[emalbon]

Hi Daze,

That's great, thank you so much. Can I confirm that will stop access from the inside out?

Is there still any need to block the various ports that Spotify uses or access to the ap.spotify.com address that Spotify uses?

Thanks again for your assistance.

[gforceindustries]

Quote:

Originally Posted by emalbon

ap.spotify.com

If you ping it, you'll see that it's in the blocked IP range.