Home / server / Questions / 358735
In Process
chrism2671
Asked: 2012-02-11 04:32:08 +0800 CST

How can I block Spotify on our company network?

  • 772

How can I block Spotify on our company network? Unfortunately it's killing our bandwidth and the effect is really serious.

firewall streaming qos

7 Answers

  1. You can fix this sort of thing via technology - basically firewall off the sources and/or ports - but I'm a big believer in not turning a HR problem into a game of cat'n'mouse with your users.

    Simply speak to HR, explain the problem and ask them to make a policy regarding this issue and have them communicate it to your users. Then simply agree with HR to do periodic traffic analysis, letting them know of any users breaking this policy and have them deal with the them.

    Basically trying to fix it yourself will just get you tied up in knots, and utterly hated too, which as we know is the job of HR already :)

    • 24

  2. You can install spotify yourself, sniff the traffic, and block outbound connections to their servers on your firewall.

    Or

    You can get a rate shaper that does packet inspection and shape the traffic for streaming audio to zero or close to it, then whitelist any legitimate audio streaming sites that you approve.

    • 5

  3. The IP range 78.31.8.0/22 also belongs to spotify.com so the complete list would be

    78.31.8.0/22
193.182.8.0/21
193.235.232.0/24
    • 4

  4. The router you mentioned is a perfectly capable router and can block IP addresses, but web filtering is a bit more advanced for most routers in that class.

    Assuming that your staff is not made up of computer nerds who waste the day on Stack Exchange know what a DNS server does, I've had success with simply using OpenDNS to block Spotify and other social networking sites. It's a good solution, simple, very non-technical and free.

    The downside is that you cannot filter anything finer than the domain name (so you can only filter all of spotify.com, but not filter spotify.com/customers while allowing spotify.com/users). The filters are all-or-nothing, there is no way to allow the bosses to surf for porn without blocking the other users (other than manually overriding their DNS server settings, which I've had to do for my clients using OpenDNS). And, by manually overriding the DNS server settings on the client computers, the OpenDNS filters are easily defeated.

    For reference, you would create a (free) account with OpenDNS. Using their webfiltering dashboard (as pictured for one of my clients below), you can add spotify.com to the list of domains that are blacklisted. OpenDNS management screen
    You can then reprogram the DHCP server built into your router to change the DNS settings from whatever your ISP had provided to the OpenDNS servers, in this case, 208.67.222.222 and 208.67.220.220. Anyone going to spotify.com in the future would be met with an error screen handed out by OpenDNS.

    • 1

  5. If you have a company internal DNS server and block all external DNS traffic via firewall, you can simply refer all relevant name resolutions for Spotify to an internal website of your choosing that can even inform the users about why it's blocked ...

    Just create a zone for the domain name or domain names in your DNS and point them to the IP of the "blocker website".

    I have proposed this to block Facebook apps when I was asked at my company and we successfully implemented it and it's usually cheaper and less resource intensive than deep packet inspection rules ...

    • 1

  6. I know this is an old question, but I was able to block spotify by blocking these two IP ranges in my firewall:

    193.235.232.0/24
193.182.8.0/21

    That blocked the mobile and desktop clients for us.

    • 1

  7. Search IPs by Spotify on site bgp.he.net - http://bgp.he.net/search?search%5Bsearch%5D=spotify&commit=Search

    • 0