cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
mgarten
mgarten
Level 7
Report Inappropriate Content
Message 1 of 11
‎11-23-2011 02:32 AM

Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hello,

we started to use MWG 7. Now we have the question whether the following scenario is possible:

At the moment the category "Personal Network Storage" is blocked. So nobody can download or upload data to the sites behind this category.

Is it possible to allow the download from sites of the category and forbid the upload to such sites?

Thanks and Regards

0 Kudos
Reply
1 Solution

Accepted Solutions
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 4 of 11
‎07-18-2012 11:44 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: Application.Name is in list File Sharing
EnabledRuleActionEventsComments
DisabledReadOnly: Exceptions
1: Command.Name equals "POST"
2: AND URL.Path does not match in list ReadOnly: Exceptions		Block<Application Control>Statistics.Counter.Increment("BlockedByApplControl",1)<Default>Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

#ReadOnly: Exceptions
Wildcard ExpressionComment
1*login*Generic logon URL
2*logon*Generic logon URL
3*logout*Generic logout URL
4*logoff*Generic logout URL
5*auth*Generic authenticate URL
6*browse*Generic Search function
0 Kudos
Reply
10 Replies
fschulte
fschulte
Level 10
Report Inappropriate Content
Message 2 of 11
‎11-23-2011 04:02 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hi mgarten!

Yes, this is possible.

I have not tested it, but you can just add an additional contition to your block rule. Now it will look like this:

Criteria:

URL.Categories contains "Personal Network Storage"

AND

(Command.Name equals "POST"

OR

Command.Name equals "PUT")

Action:

Block

You may do some research, which HTTP methods need to be handled.

Ciao

Felix

0 Kudos
Reply
feeeds
feeeds
Level 9
Report Inappropriate Content
Message 3 of 11
‎07-18-2012 11:06 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Does anyone have any more input on if this will work or not ?

0 Kudos
Reply
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 4 of 11
‎07-18-2012 11:44 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

It does work. I use a rule like this to make anything that is in the File Sharing application control to be read only.

Category: File Sharing
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: Application.Name is in list File Sharing
EnabledRuleActionEventsComments
DisabledReadOnly: Exceptions
1: Command.Name equals "POST"
2: AND URL.Path does not match in list ReadOnly: Exceptions		Block<Application Control>Statistics.Counter.Increment("BlockedByApplControl",1)<Default>Exception URL that are allowed to POST

The Read Only: Exceptions list has these entries to allow posting of logon and logoff information:

#ReadOnly: Exceptions
Wildcard ExpressionComment
1*login*Generic logon URL
2*logon*Generic logon URL
3*logout*Generic logout URL
4*logoff*Generic logout URL
5*auth*Generic authenticate URL
6*browse*Generic Search function
0 Kudos
Reply
feeeds
feeeds
Level 9
Report Inappropriate Content
Message 5 of 11
‎07-18-2012 12:18 PM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

could you post this in an xml format so I can import it and review it on my system? Curious why you use file sharing and not personal network storage. thx

0 Kudos
Reply
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 6 of 11
‎07-18-2012 12:28 PM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

I use the application control name instead of the category simply because that's how my rules are setup.

"A nod's as good as a wink to a blind bat"

0 Kudos
Reply
florian.hallas
florian.hallas
Level 9
Report Inappropriate Content
Message 7 of 11
‎07-19-2012 02:10 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Thanks for the good idea. I had only login and logout for readonly exceptions. And the Statistic Counter is fine too.

I have another question to your rule set. Do you have an extra block message for application control?

I use at this moment the same like url blocked with site review.

0 Kudos
Reply
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 8 of 11
‎07-19-2012 08:28 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

I have a highly customized set of block pages and one specifically for Application Control.

You can create a new template for AppControl specifically and copy the HTML in from another page, or just set the action on your to an existing page, like Block<URL Filter>

0 Kudos
Reply
mgarten
mgarten
Level 7
Report Inappropriate Content
Message 9 of 11
‎09-13-2012 07:12 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

Hello,

I just implement the solution provided by eelsasser and it works. Thanks

But I have some questions.

1) Where can I see the statistic counter? Not in the dasboard or?

2) It seems that it doens work for www.icloud.com. In our case the login to it is not working. Does anyone have a solution for that?

0 Kudos
Reply
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 10 of 11
‎09-13-2012 08:47 AM

Re: Download/Upload handling for a specific Category (Personal Network Storage)

Jump to solution

The counter should be the Application Control Counter on the  Executive summary and the App Control statistics on the dashboard.

Can't really tell about iCloud. I don't have an apple device to setup the account with, but is appears that you may have to put another exception into the logon.

From what I can tell from my access denied logs, the logon also POSTs to:

https://setup.icloud.com/setup/ws/1/validate

Try adding that to the exceptions list.

Check you access_denied log for what's blocked.

I also have a POST log i use for debugging this that records each POST in a seperate log. It's very useful for this purpose:

Debug: POST.log
1: Command.Name equals "POST"		ContinueSet User-Defined.logLine =
     DateTime.ToWebReporterString +
     " "" +
     String.ReplaceIfEquals(Authentication.UserName,"","-") +
     "" " +
     String.ReplaceIfEquals(IP.ToString(Client.IP),"","-") +
     " " +
     String.ReplaceIfEquals(IP.ToString(URL.Destination.IP),"","-") +
     " " +
     String.ReplaceIfEquals(Number.ToString(Response.StatusCode),"","-") +
     " "" +
     String.ReplaceIfEquals(MediaType.ToString(MediaType.FromHeader),"","-") +
     "" "" +
     String.ReplaceIfEquals(List.OfCategory.ToString(URL.Categories<MostRecent>),"","-") +
     "" "" +
     String.ReplaceIfEquals(Application.ToString(Application.Name),"","-") +
     "" "" +
     Request.Header.FirstLine +
     """
FileSystemLogging.WriteLogEntry(User-Defined.logLine)<POST.log>
0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC