mgarten
Level 7
Message 1 of 11

Download/Upload handling for a specific Category (Personal Network Storage)

Hello,

We started to use MWG 7. Now we have the question whether the following scenario is possible:

At the moment the category "Personal Network Storage" is blocked. So nobody can download or upload data to the sites behind this category.

Is it possible to allow the download from sites of the category and forbid the upload to such sites?

Thanks and Regards

10 Replies
fschulte
Level 10
Message 2 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Hi mgarten!

Yes, this is possible.

I have not tested it, but you can just add an additional condition to your block rule. Now it will look like this:

Criteria:

URL.Categories contains "Personal Network Storage"

AND

(Command.Name equals "POST"

OR

Command.Name equals "PUT")

Action:

Block

You may do some research, which HTTP methods need to be handled.

Ciao

Felix

feeeds
Level 9
Message 3 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Does anyone have any more input on whether this will work or not?

eelsasser
Level 15
Message 4 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: Application.Name is in list File Sharing

Enabled: Disabled
Rule: ReadOnly: Exceptions
  1: Command.Name equals "POST"
  2: AND URL.Path does not match in list ReadOnly: Exceptions
Action: Block<Application Control>
Events: Statistics.Counter.Increment("BlockedByApplControl",1)<Default>
Comments: Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

ReadOnly: Exceptions

#   Wildcard Expression   Comment
1   *login*               Generic logon URL
2   *logon*               Generic logon URL
3   *logout*              Generic logout URL
4   *logoff*              Generic logout URL
5   *auth*                Generic authenticate URL
6   *browse*              Generic Search function

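
Added example (not part of the original posts, and not McAfee code): a small Python model of the read-only rule above, useful for checking which requests a given method list and exception list would block before changing the gateway policy. The sample paths are constructed, and glob-style, case-sensitive matching is an assumption about how the gateway evaluates wildcard entries.

```python
from fnmatch import fnmatchcase

# Wildcard entries copied from the "ReadOnly: Exceptions" list in the post above.
READONLY_EXCEPTIONS = ["*login*", "*logon*", "*logout*", "*logoff*", "*auth*", "*browse*"]


def path_is_excepted(path, patterns=READONLY_EXCEPTIONS):
    # Assumption: the wildcard match behaves like a case-sensitive glob on URL.Path.
    return any(fnmatchcase(path, p) for p in patterns)


def decide(method, path, in_file_sharing, blocked_methods=("POST",)):
    """Return 'Block' or 'Allow' for one request under the read-only rule."""
    if not in_file_sharing:  # rule set criteria: Application.Name is in list
        return "Allow"
    if method in blocked_methods and not path_is_excepted(path):
        return "Block"
    return "Allow"


# Constructed sample requests (hypothetical paths, not taken from any real service).
SAMPLES = [
    ("GET", "/files/report.pdf"),
    ("POST", "/login"),
    ("POST", "/api/upload"),
    ("PUT", "/api/upload/chunk1"),
    ("POST", "/shared/authors/upload"),  # contains "auth", so *auth* excepts it
]


def audit(samples, blocked_methods=("POST",)):
    """Evaluate every sample as if it belonged to the File Sharing list."""
    return [(m, p, decide(m, p, True, blocked_methods)) for m, p in samples]


if __name__ == "__main__":
    for label, methods in (("POST only", ("POST",)), ("POST and PUT", ("POST", "PUT"))):
        print(label)
        for m, p, verdict in audit(SAMPLES, methods):
            print(f"  {m:4} {p:26} {verdict}")
```

With only POST in the rule, the PUT sample is allowed, which is the case the earlier reply covers by adding PUT; the last sample shows that a broad entry such as `*auth*` also excepts unrelated paths, so the exception list is worth reviewing against real URLs.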
feeeds
Level 9
Message 5 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Could you post this in an XML format so I can import it and review it on my system? Curious why you use file sharing and not personal network storage. thx

eelsasser
Level 15
Message 6 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

I use the application control name instead of the category simply because that's how my rules are setup.

"A nod's as good as a wink to a blind bat"

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Thanks for the good idea. I had only login and logout for readonly exceptions. And the Statistic Counter is fine too.

I have another question about your rule set. Do you have an extra block message for application control?

At the moment I use the same one as for URL blocked with site review.

eelsasser
Level 15
Message 8 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

I have a highly customized set of block pages and one specifically for Application Control.

You can create a new template for AppControl specifically and copy the HTML in from another page, or just set the action on your to an existing page, like Block<URL Filter>

mgarten
Level 7
Message 9 of 11

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Hello,

I just implemented the solution provided by eelsasser and it works. Thanks

But I have some questions.

1) Where can I see the statistic counter? Not in the dashboard or?

2) It seems that it doesn't work for www.icloud.com. In our case the login to it is not working. Does anyone have a solution for that?

Re: Download/Upload handling for a specific Category (Personal Network Storage)

The counter should be the Application Control Counter on the Executive summary and the App Control statistics on the dashboard.

Can't really tell about iCloud. I don't have an Apple device to set up the account with, but it appears that you may have to put another exception into the logon.

From what I can tell from my access denied logs, the logon also POSTs to:

https://setup.icloud.com/setup/ws/1/validate

Try adding that to the exceptions list.

Check your access_denied log for what's blocked.

I also have a POST log I use for debugging this that records each POST in a separate log. It's very useful for this purpose:

Debug: POST.log
1: Command.Name equals "POST"
Continue
Set User-Defined.logLine =
     DateTime.ToWebReporterString +
     " "" +
     String.ReplaceIfEquals(Authentication.UserName,"","-") +
     "" " +
     String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
     " " +
     String.ReplaceIfEquals(IP.ToString(URL.Destination.IP),"","-") +
     " " +
     String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
     " "" +
     String.ReplaceIfEquals(MediaType.ToString(MediaType.FromHeader),"","-") +
     "" "" +
     String.ReplaceIfEquals(List.OfCategory.ToString(URL.Categories<MostRecent>),"","-") +
     "" "" +
     String.ReplaceIfEquals(Application.ToString(Application.Name),"","-") +
     "" "" +
     Request.Header.FirstLine +
     """
FileSystemLogging.WriteLogEntry(User-Defined.logLine)<POST.log>
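
Added example (not part of the original posts, and not McAfee code): a Python parser for lines in the field order of the logLine rule above, which counts denied POST targets per application so that missing exception entries stand out. The sample lines are constructed; the bracketed timestamp, the application name "iCloud" and the use of status 403 as the marker for a blocked request are assumptions.

```python
import re
from collections import Counter

# Field order follows the logLine rule above. The bracketed timestamp is an
# assumption about what DateTime.ToWebReporterString writes.
LINE_RE = re.compile(
    r'^(?P<ts>\[[^\]]*\]) "(?P<user>[^"]*)" (?P<client>\S+) (?P<dest>\S+) '
    r'(?P<status>\S+) "(?P<media>[^"]*)" "(?P<cats>[^"]*)" "(?P<app>[^"]*)" '
    r'"(?P<first_line>.*)"$'
)

# Constructed sample lines (documentation IP ranges, hypothetical user and app name).
SAMPLE_LOG = [
    '[12/Mar/2014:09:15:02 +0100] "jdoe" 192.0.2.15 198.51.100.10 403 "-" '
    '"Personal Network Storage" "iCloud" '
    '"POST https://setup.icloud.com/setup/ws/1/validate HTTP/1.1"',
    '[12/Mar/2014:09:15:09 +0100] "jdoe" 192.0.2.15 198.51.100.10 403 "-" '
    '"Personal Network Storage" "iCloud" '
    '"POST https://setup.icloud.com/setup/ws/1/validate HTTP/1.1"',
    '[12/Mar/2014:09:16:30 +0100] "-" 192.0.2.22 198.51.100.20 200 "text/html" '
    '"Personal Network Storage" "-" "POST /login HTTP/1.1"',
    'truncated line that does not follow the format',
]


def parse_line(line):
    """Split one POST.log line into named fields; return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["first_line"].split(" ")
    rec["target"] = parts[1] if len(parts) >= 2 else ""  # URL or path of the request
    return rec


def denied_targets(lines, status="403"):
    """Count (application, request target) pairs logged with the given status."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == status:
            counts[(rec["app"], rec["target"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (app, target), n in denied_targets(SAMPLE_LOG):
        print(f"{n:3} {app:10} {target}")
```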