Blocking Facebook's networks on an ASA firewall
If website owners embed a Facebook Like button, personal data is transferred to Facebook, and those websites violate Europe's GDPR laws.
To protect myself from other websites' illegal GDPR violations, I implemented an access control list for Facebook's network ranges on my ASA firewall.
To get all IP ranges (in this case legacy IPv4 ranges), I query whois for Facebook's autonomous system number, AS32934. The command line below gives me all IPv4 ranges assigned to Facebook.
~$ whois -h whois.radb.net -- '-i origin AS32934' | grep 'route:'
route: 69.63.176.0/20
...and so on...
Based on the above network list (about 90 network ranges), I can build an access control list like this:
name 69.63.176.0 zzz-facebook.69.63.176.0-20
...and so on...
object-group network grp-facebook-networks
 network-object object zzz-facebook.69.63.176.0-20
 ...and so on...
access-list inside_access_in extended deny ip object [LOCAL-NETWORK] object-group grp-facebook-networks
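With about 90 ranges, typing the objects by hand is error-prone, so the following added example (not part of the original post) turns the `route:` lines into ASA configuration and merges duplicate or adjacent prefixes first. It assumes each range is defined with `object network` / `subnet` statements rather than the `name` lines shown above; the function names and the sample prefixes other than 69.63.176.0/20 are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample of the whois output; only 69.63.176.0/20 comes from the
# page, the other prefixes are documentation ranges used as stand-ins.
SAMPLE = """\
route:      69.63.176.0/20
route:      192.0.2.0/25
route:      192.0.2.128/25
route:      198.51.100.0/24
route:      198.51.100.0/24
route6:     2001:db8::/32
"""

def parse_routes(text):
    """Return merged IPv4 networks taken from RADB 'route:' lines."""
    nets = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "route":          # ignores route6: and other fields
            continue
        try:
            nets.append(ipaddress.IPv4Network(value.strip(), strict=True))
        except ValueError:
            continue                        # malformed prefix: never emit a bad rule
    # Duplicates and adjacent/overlapping prefixes collapse into fewer objects.
    return list(ipaddress.collapse_addresses(nets))

def asa_config(nets, group="grp-facebook-networks", local="[LOCAL-NETWORK]"):
    """Render objects, the object-group and the deny rule in the page's naming."""
    names = [f"zzz-facebook.{n.network_address}-{n.prefixlen}" for n in nets]
    lines = []
    for name, n in zip(names, nets):
        # Assumption: objects are defined with 'object network' + 'subnet'.
        lines += [f"object network {name}",
                  f" subnet {n.network_address} {n.netmask}"]
    lines.append(f"object-group network {group}")
    lines += [f" network-object object {name}" for name in names]
    lines.append(f"access-list inside_access_in extended deny ip "
                 f"object {local} object-group {group}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Pipe the whois output in; with no piped input the sample is used.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    print(asa_config(parse_routes(piped or SAMPLE)))
```

Because the registry entries change over time, rerunning the whois query and comparing the generated output with the running configuration shows when the object-group needs updating.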
For background information, see (in German):
Verbraucherzentrale: EuGH-Generalanwalt äußert sich zum Like-Button… and WBS Rechtsanwaelte: Facebook Like Button vor dem EuGH…, or, in English, The Register: Facebook Like, social sharing buttons on your website may land you in GDPR hot water…