cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
mgarten
mgarten
Level 7
‎11-23-2011 02:32 AM

Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hello,

we started to use MWG 7. Now we have the question whether the following scenario is possible:

At the moment the category "Personal Network Storage" is blocked. So nobody can download or upload data to the sites behind this category.

Is it possible to allow the download from sites of the category and forbid the upload to such sites?

Thanks and Regards

0 Kudos
Reply
1 Solution

Accepted Solutions
eelsasser
eelsasser
Level 15
‎07-18-2012 11:44 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: Application.Name is in list File Sharing
EnabledRuleActionEventsComments
DisabledReadOnly: Exceptions
1: Command.Name equals "POST"
2: AND URL.Path does not match in list ReadOnly: Exceptions		Block<Application Control>Statistics.Counter.Increment("BlockedByApplControl",1)<Default>Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

#ReadOnly: Exceptions
Wildcard ExpressionComment
1*login*Generic logon URL
2*logon*Generic logon URL
3*logout*Generic logout URL
4*logoff*Generic logout URL
5*auth*Generic authenticate URL
6*browse*Generic Search function
0 Kudos
Reply
10 Replies
fschulte
fschulte
Level 10
‎11-23-2011 04:02 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hi mgarten!

Yes, this is possible.

I have not tested it, but you can just add an additional contition to your block rule. Now it will look like this:

Criteria:

URL.Categories contains "Personal Network Storage"

AND

(Command.Name equals "POST"

OR

Command.Name equals "PUT")

Action:

Block

You may do some research, which HTTP methods need to be handled.

Ciao

Felix

0 Kudos
Reply
feeeds
feeeds
Level 9
‎07-18-2012 11:06 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Does anyone have any more input on if this will work or not ?

0 Kudos
Reply
eelsasser
eelsasser
Level 15
‎07-18-2012 11:44 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: Application.Name is in list File Sharing
EnabledRuleActionEventsComments
DisabledReadOnly: Exceptions
1: Command.Name equals "POST"
2: AND URL.Path does not match in list ReadOnly: Exceptions		Block<Application Control>Statistics.Counter.Increment("BlockedByApplControl",1)<Default>Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

#ReadOnly: Exceptions
Wildcard ExpressionComment
1*login*Generic logon URL
2*logon*Generic logon URL
3*logout*Generic logout URL
4*logoff*Generic logout URL
5*auth*Generic authenticate URL
6*browse*Generic Search function
0 Kudos
Reply
feeeds
feeeds
Level 9
‎07-18-2012 12:18 PM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

could you post this in an xml format so I can import it and review it on my system? Curious why you use file sharing and not personal network storage. thx

0 Kudos
Reply
eelsasser
eelsasser
Level 15
‎07-18-2012 12:28 PM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

I use the application control name instead of the category simply because that's how my rules are setup.

"A nod's as good as a wink to a blind bat"

0 Kudos
Reply
florian.hallas
florian.hallas
Level 9
‎07-19-2012 02:10 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Thanks for the good idea. I had only login and logout for readonly exceptions. And the Statistic Counter is fine too.

I have another question to your rule set. Do you have an extra block message for application control?

I use at this moment the same like url blocked with site review.

0 Kudos
Reply
eelsasser
eelsasser
Level 15
‎07-19-2012 08:28 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

I have a highly customized set of block pages and one specifically for Application Control.

You can create a new template for AppControl specifically and copy the HTML in from another page, or just set the action on your to an existing page, like Block<URL Filter>

0 Kudos
Reply
mgarten
mgarten
Level 7
‎09-13-2012 07:12 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hello,

I just implement the solution provided by eelsasser and it works. Thanks

But I have some questions.

1) Where can I see the statistic counter? Not in the dasboard or?

2) It seems that it doens work for www.icloud.com. In our case the login to it is not working. Does anyone have a solution for that?

0 Kudos
Reply
eelsasser
eelsasser
Level 15
‎09-13-2012 08:47 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

The counter should be the Application Control Counter on the  Executive summary and the App Control statistics on the dashboard.

Can't really tell about iCloud. I don't have an apple device to setup the account with, but is appears that you may have to put another exception into the logon.

From what I can tell from my access denied logs, the logon also POSTs to:

https://setup.icloud.com/setup/ws/1/validate

Try adding that to the exceptions list.

Check you access_denied log for what's blocked.

I also have a POST log i use for debugging this that records each POST in a seperate log. It's very useful for this purpose:

Debug: POST.log
1: Command.Name equals "POST"		ContinueSet User-Defined.logLine =
     DateTime.ToWebReporterString +
     " "" +
     String.ReplaceIfEquals(Authentication.UserName,"","-") +
     "" " +
     String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
     " " +
     String.ReplaceIfEquals(IP.ToString(URL.Destination.IP),"","-") +
     " " +
     String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
     " "" +
     String.ReplaceIfEquals(MediaType.ToString(MediaType.FromHeader),"","-") +
     "" "" +
     String.ReplaceIfEquals(List.OfCategory.ToString(URL.Categories<MostRecent>),"","-") +
     "" "" +
     String.ReplaceIfEquals(Application.ToString(Application.Name),"","-") +
     "" "" +
     Request.Header.FirstLine +
     """
FileSystemLogging.WriteLogEntry(User-Defined.logLine)<POST.log>
0 Kudos
Reply