This article applies to:
Question:
- How do I block specific features of Skype?
- How do I block file transfers through Skype?
Procedure:
You may want to allow core functions of Skype but block certain features (such as file transfer). To do so:
- Ensure that Skype traffic is passing through WebMarshal. HTTPS content inspection is required. See article Q11389.
- Enable Traffic Logging.
- Establish the Skype session and validate that the activity shows in Traffic Logging.
- Perform the action you want to control, such as a file transfer.
- Check the Traffic Log to see what connections are logged from the workstation you are using to test.
- Make one or more rules based on the results. Rules can block a combination of URL, MIME type, file type, or other conditions.
- Test the rule.
Example:
At the time this article was reviewed, the traffic log for a Skype file transfer includes a line similar to the following (note that the MIME type, "image/jpeg" here, will vary):
2017-12-18 10:50:30 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15"
"api.asm.skype.com" "image/jpeg" 443 - 200
To block file transfers, you can block access to https://api.asm.skype.com/
The traffic log for a transfer blocked by a rule is similar to:
2017-12-18 10:55:04 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15"
"api.asm.skype.com" - 443 "Standard Rules\Global Policy\skype file"
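The log review step in the procedure can be scripted. The following is an added example, not part of the original article or of WebMarshal: it groups the entries logged for one test workstation during the test window by destination host, so the hosts to target with a rule stand out. The field positions are an assumption inferred from the two sample lines above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the article's two log lines, each joined onto one line,
# plus one invented line from another workstation for contrast.
SAMPLE_LOG = r'''
2017-12-18 10:50:30 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15" "api.asm.skype.com" "image/jpeg" 443 - 200
2017-12-18 10:55:04 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15" "api.asm.skype.com" - 443 "Standard Rules\Global Policy\skype file"
2017-12-18 10:56:10 "VM-OTHER" "10.160.80.99" 10.160.80.99 "10.160.80.99" "example.test" "text/html" 443 - 200
'''

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare field

def parse_line(line):
    """Split one traffic-log line; field positions are inferred from the samples."""
    tok = [m.group(1) if m.group(1) is not None else m.group(2)
           for m in TOKEN.finditer(line)]
    if len(tok) < 10 or not tok[8].isdigit():
        return None  # blank or unrecognised line
    return {
        "time": f"{tok[0]} {tok[1]}",
        "client_ip": tok[4],
        "host": tok[6],
        "mime": None if tok[7] == "-" else tok[7],
        "port": int(tok[8]),
        "rule": None if tok[9] == "-" else tok[9],  # rule name, as on the blocked sample
    }

def summarise(log_text, client_ip, start, end):
    """Group one workstation's requests in a time window by destination host and port."""
    out = defaultdict(lambda: {"mime": set(), "no_rule": 0, "rules": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["client_ip"] != client_ip:
            continue
        if not start <= rec["time"] <= end:  # ISO-style timestamps sort as text
            continue
        entry = out[(rec["host"], rec["port"])]
        if rec["mime"]:
            entry["mime"].add(rec["mime"])
        if rec["rule"]:
            entry["rules"].add(rec["rule"])
        else:
            entry["no_rule"] += 1
    return dict(out)

if __name__ == "__main__":
    window = ("2017-12-18 10:50:00", "2017-12-18 11:00:00")
    for (host, port), e in summarise(SAMPLE_LOG, "10.160.80.15", *window).items():
        print(host, port, sorted(e["mime"]), e["no_rule"], sorted(e["rules"]))
```

Running the same summary again after adding the rule shows whether the host now appears with the rule name instead of a MIME type.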
Notes:
- Skype features and implementations are often updated. You should check periodically to make sure your policy continues to work as expected.
- The general method described can help you to update WebMarshal policy if Skype implementations change.