How do I allow Spotify®?

Article #: Product Castle
1866 All All

Summary

In order to allow Spotify, you need to exclude it from Authentication and open some additional ports.

Problem

Spotify will not connect for network users as it doesn't support NTLM authentication.

Solution

Although the Spotify domain is part of the Audio and Video standard category, you need to create a separate custom category containing just Spotify "stuff" for this to work.

  1. Create a new category in Guardian » Policy objects » Categories called Spotify.
  2. Add the following to Domain/URL filtering:
    • spotify.com
    • ap2.spotify.com
    • play.spotify.edgekey.net
    • spotilocal.com
    • ap1.spotify.com
    • ap.spotify.com
    • Embed.spotify.com
    • apresolve.spotify.com
    • play.spotify.com
    • 194.68.28.0/22
    • 193.182.8.0/21
    • 78.31.8.0/21
    • 193.235.232.0/24
  3. Go to Web proxy > Authentication > Exceptions.
  4. Locate and add the newly created Spotify group to Included categories or category groups.
  5. Go to Guardian > Web filter > Policy wizard.
  6. Create a new policy with the following:
    • Who — Add the users or groups you wish it to apply to, or select Everyone
    • What — Spotify (which you have just created)
    • Where — Add the locations you wish it to apply to, or Everywhere
    • When — Add the times you wish it to apply at, or Always
    • Action — Whitelist
  7. Go to Guardian > Web filter > Manage policies.
  8. Move the policy to the top of the Web filter policy table.
  9. Add ports 4070 and 1935 to an accept rule on your firewall, along with common port groups.

Attribution:

Last updated: Author: Contributions by:
23 August 2016   DMT