In an environment where we have audit drivers to block the Messenging category, Google talk is blocked. But boy howdy do we see a LOT of requests from web browsers (logged into Gmail I assume) trying like heck to make it work. It really craps up the logs, and I wonder if it contributes heavily to our requests per second and sluggish performance.
Curious how other folks have tackled similar challenges.
This environment does use a PAC WPAD file to an explicit set of proxies.
I'm curious if blackholing clients1.google.com and hangouts.google.com in the PAC to use a proxy of localhost might be an interesting way to keep that junk off the proxy and not bouncing off egress firewall rules. Not sure if it'd cause new and interesting problems though.
Here's a Reporter screenshot of one particular ugly offender who happened to be a Linux desktop user in the environment. This was just for one day, and taken around 1pm. That's a LOT of request.
Thanks for any constructive advice!
I configured a log handler configuration that doesn't log anything.
I configured a rule near the top of the rule set to block that sort traffic and set the log handler to the one that doesn't log.