We ran into an interesting issue with one of our clients last week who was trying to block the streaming music app Spotify to comply with the company's Internet Use Policy. Yet it persisted to work despite being blocked using a Barracuda Web Filter.
Here's why and how to fix it.
First I checked the standard configuration within the Barracuda Web Filter, to verify the settings were in fact correct:
- Under the "Content Filter", "Streaming Media" is set to Block.
- Under "Applications" Spotify was set to Block as well.
- Also worth noting, this Barracuda Web Filter was deployed inline and HTTPS Filtering is On.
So to dig into the issue, we ran Spotify and streamed media. Running a netstat -ao, filtered on the Spotify PID (3364 in this case), shows an established connection on port 4070.
To block port 4070 we added destination port 4070 to the blocked ports under "Block/Accept" Tab > "IP Block/Exempt"
Checking netstat -ao again shows Spotify attempting to reach out on port 4070 "SYN_SENT", however the Barracuda Web Filter does not let it through and Spotify is now showing offline.
Conclusion: It appears that Spotify will first attempt to use port 4070 (which Barracuda can't block via "Content Filter") and if it doesn't connect on port 4070 it will fallback to port 443 (HTTPS). The Barracuda Web Filter is able to block Spotify on port 443 (HTTPS) assuming that HTTPS Filtering is on.
Lewan is a Premier Barracuda partner, the highest level of recognition in VAR partnership program.
Our Networking solution experts can manage and maintain your internet usage policies so your organization is always compliant and secure, to learn more.