mgarten
Level 7

Download/Upload handling for a specific Category (Personal Network Storage)


Hello,

we started to use MWG 7. Now we have the question whether the following scenario is possible:

At the moment the category "Personal Network Storage" is blocked. So nobody can download or upload data to the sites behind this category.

Is it possible to allow the download from sites of the category and forbid the upload to such sites?

Thanks and Regards

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: Download/Upload handling for a specific Category (Personal Network Storage)


It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Rule set: Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
Criteria:
1: Application.Name is in list File Sharing

Rule: ReadOnly: Exceptions
Enabled: Disabled
Criteria:
1: Command.Name equals "POST"
2: AND URL.Path does not match in list ReadOnly: Exceptions
Action: Block<Application Control>
Events: Statistics.Counter.Increment("BlockedByApplControl",1)<Default>
Comments: Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

ReadOnly: Exceptions
#  Wildcard Expression  Comment
1  *login*              Generic logon URL
2  *logon*              Generic logon URL
3  *logout*             Generic logout URL
4  *logoff*             Generic logout URL
5  *auth*               Generic authenticate URL
6  *browse*             Generic Search function
0 Kudos
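
An added example, not part of eelsasser's post and not McAfee code: a small Python model of the read-only rule above, run over constructed requests to check which methods and paths the rule and its wildcard exceptions actually cover. It assumes MWG wildcard expressions behave like case-sensitive glob patterns; the sample paths are made up.

```python
from fnmatch import fnmatchcase

# Wildcard entries copied from the "ReadOnly: Exceptions" list in the post above.
READONLY_EXCEPTIONS = ["*login*", "*logon*", "*logout*", "*logoff*",
                       "*auth*", "*browse*"]

def decide(method, path, in_file_sharing, blocked_methods=("POST",),
           exceptions=READONLY_EXCEPTIONS):
    """Return "Block" or "Allow" for one request, following the rule's criteria.

    Assumption: glob matching (fnmatchcase) stands in for MWG wildcard matching.
    """
    if not in_file_sharing:            # Application.Name is in list File Sharing
        return "Allow"
    if method not in blocked_methods:  # Command.Name equals "POST"
        return "Allow"
    if any(fnmatchcase(path, pat) for pat in exceptions):
        return "Allow"                 # URL.Path matches the exception list
    return "Block"

# Constructed sample requests (method, URL path) to a file-sharing application.
SAMPLES = [
    ("GET", "/s/abc123/report.pdf"),    # download
    ("POST", "/api/upload"),            # upload via POST
    ("POST", "/account/login"),         # logon form
    ("PUT", "/api/upload"),             # upload via PUT
    ("POST", "/files/authors/upload"),  # path that happens to contain "auth"
]

def audit(blocked_methods=("POST",)):
    """Verdict for every sample request under the given set of blocked methods."""
    return {(m, p): decide(m, p, True, blocked_methods) for m, p in SAMPLES}

if __name__ == "__main__":
    for label, methods in (("POST only", ("POST",)), ("POST+PUT", ("POST", "PUT"))):
        print(label)
        for (method, path), verdict in audit(methods).items():
            print(f"  {verdict:5} {method:4} {path}")
```

With POST as the only blocked method, the PUT upload is allowed, and the `*auth*` entry also lets through a POST whose path merely contains "auth"; adding PUT to the criteria, as another reply in this thread suggests, and using narrower patterns closes both gaps.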
10 Replies
fschulte
Level 10

Re: Download/Upload handling for a specific Category (Personal Network Storage)


Hi mgarten!

Yes, this is possible.

I have not tested it, but you can just add an additional condition to your block rule. Now it will look like this:

Criteria:

URL.Categories contains "Personal Network Storage"

AND

(Command.Name equals "POST"

OR

Command.Name equals "PUT")

Action:

Block

You may do some research, which HTTP methods need to be handled.

Ciao

Felix

0 Kudos
feeeds
Level 9

Re: Download/Upload handling for a specific Category (Personal Network Storage)


Does anyone have any more input on whether this will work or not?

0 Kudos
feeeds
Level 9

Re: Download/Upload handling for a specific Category (Personal Network Storage)


Could you post this in an XML format so I can import it and review it on my system? Curious why you use file sharing and not personal network storage. thx

0 Kudos
eelsasser
Level 15

Re: Download/Upload handling for a specific Category (Personal Network Storage)


I use the application control name instead of the category simply because that's how my rules are set up.

"A nod's as good as a wink to a blind bat"

0 Kudos

Re: Download/Upload handling for a specific Category (Personal Network Storage)


Thanks for the good idea. I had only login and logout for readonly exceptions. And the Statistic Counter is fine too.

I have another question about your rule set. Do you have an extra block message for application control?

At the moment I use the same one as for URL blocked with site review.

0 Kudos
eelsasser
Level 15

Re: Download/Upload handling for a specific Category (Personal Network Storage)


I have a highly customized set of block pages and one specifically for Application Control.

You can create a new template for AppControl specifically and copy the HTML in from another page, or just set the action on your rule to an existing page, like Block<URL Filter>

0 Kudos
mgarten
Level 7

Re: Download/Upload handling for a specific Category (Personal Network Storage)


Hello,

I just implemented the solution provided by eelsasser and it works. Thanks

But I have some questions.

1) Where can I see the statistic counter? Not in the dashboard, or?

2) It seems that it doesn't work for www.icloud.com. In our case the login to it is not working. Does anyone have a solution for that?

0 Kudos
eelsasser
Level 15

Re: Download/Upload handling for a specific Category (Personal Network Storage)


The counter should be the Application Control Counter on the Executive summary and the App Control statistics on the dashboard.

Can't really tell about iCloud. I don't have an Apple device to set up the account with, but it appears that you may have to put another exception into the logon.

From what I can tell from my access denied logs, the logon also POSTs to:

https://setup.icloud.com/setup/ws/1/validate

Try adding that to the exceptions list.

Check your access_denied log for what's blocked.

I also have a POST log I use for debugging this that records each POST in a separate log. It's very useful for this purpose:

Debug: POST.log
1: Command.Name equals "POST"
Action: Continue
Events:
Set User-Defined.logLine =
     DateTime.ToWebReporterString +
     " "" +
     String.ReplaceIfEquals(Authentication.UserName,"","-") +
     "" " +
     String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
     " " +
     String.ReplaceIfEquals(IP.ToString(URL.Destination.IP),"","-") +
     " " +
     String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
     " "" +
     String.ReplaceIfEquals(MediaType.ToString(MediaType.FromHeader),"","-") +
     "" "" +
     String.ReplaceIfEquals(List.OfCategory.ToString(URL.Categories<MostRecent>),"","-") +
     "" "" +
     String.ReplaceIfEquals(Application.ToString(Application.Name),"","-") +
     "" "" +
     Request.Header.FirstLine +
     """
FileSystemLogging.WriteLogEntry(User-Defined.logLine)<POST.log>
0 Kudos
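
An added example, not from eelsasser's post: a Python parser for lines in the POST.log layout built by the rule above, listing POST paths in a given category that no entry in the ReadOnly: Exceptions list covers, which are the requests the read-only rule would block. The timestamp format, the way categories are rendered, the status values and all sample lines are constructed assumptions; only the field order and the iCloud URL come from the thread.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Entries from the "ReadOnly: Exceptions" list earlier in the thread.
EXCEPTIONS = ["*login*", "*logon*", "*logout*", "*logoff*", "*auth*", "*browse*"]

# Field order follows the logLine expression: time "user" client dest status
# "media type" "categories" "application" "request first line".
LINE_RE = re.compile(
    r'^(?P<time>.*?) "(?P<user>[^"]*)" (?P<client>\S+) (?P<dest>\S+) '
    r'(?P<status>\S+) "(?P<media>[^"]*)" "(?P<categories>[^"]*)" '
    r'"(?P<app>[^"]*)" "(?P<request>.*)"$')

def parse(line):
    """Split one POST.log line into named fields; None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    rec["path"] = urlsplit(target).path or "/"  # absolute or origin-form target
    return rec

def uncovered_posts(lines, category="Personal Network Storage",
                    exceptions=EXCEPTIONS):
    """Count POST paths in `category` that match no exception pattern."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or category not in rec["categories"]:
            continue
        if not any(fnmatchcase(rec["path"], pat) for pat in exceptions):
            hits[rec["path"]] += 1
    return hits

# Constructed sample lines (documentation addresses, made-up users and hosts).
SAMPLE = [
    '[10/Jan/2014:09:15:02 +0100] "jdoe" 10.0.0.5 192.0.2.10 403 "-" "Personal Network Storage" "-" "POST https://setup.icloud.com/setup/ws/1/validate HTTP/1.1"',
    '[10/Jan/2014:09:15:09 +0100] "jdoe" 10.0.0.5 192.0.2.10 403 "-" "Personal Network Storage" "-" "POST https://setup.icloud.com/setup/ws/1/validate HTTP/1.1"',
    '[10/Jan/2014:09:16:40 +0100] "asmith" 10.0.0.7 198.51.100.4 200 "text/html" "Personal Network Storage" "-" "POST https://storage.example/account/login HTTP/1.1"',
    '[10/Jan/2014:09:17:01 +0100] "asmith" 10.0.0.7 203.0.113.9 200 "text/html" "General News" "-" "POST https://news.example/comment HTTP/1.1"',
    'truncated line',
]

if __name__ == "__main__":
    for path, count in uncovered_posts(SAMPLE).most_common():
        print(count, path)
```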