cancel
Showing results for 
Search instead for 
Did you mean: 
irivera
Level 7

Help creating rule to deny uploads to file sharing sites Web Gateway 7.3

I have been trying to find means to allow users to be able to download files from websites like Dropbox, Box... while not allowing uploads to those websites.  This might have been answered in an other thread but I have not been able to find any answers and all of my attempts have ended up blocking access to the site entirely.  I cannot block access nor downloads from these sites as we have clients that use these sites to provide us with documents, but in order to comply with security requests from a particular client, I am being requested to block or find a way to block uploading to these websites.  I tried emulating the rules like the ones found for blocking uploading attachments to web mail (url.category) but couldnt find in the list the items that are under P2P/ File Sharing to see if that is the category needed to include dropbox.

Any help or guidance will be greatly appreciated.  I don't have much experience with the web gateway and most of the rules I have either been able to find via the community or by sheer accident.

Thanks

Isaura

0 Kudos
3 Replies
msiemens
Level 9

Re: Help creating rule to deny uploads to file sharing sites Web Gateway 7.3

A partial solution is to filter on category "Personal Network Storage" and command name does not equal "POST". While this prevents uploads, it also prevents authentication, if required. Adding an exception list will allow to define exceptions.

My rule goes something like this:

     URL.Categories <Default> contains Personal Network Storage AND (

     Command.Name does not equal "POST" OR

     URL matches in list Allow Network Storage Download POST Exceptions)

The action is "Stop Rule Set" to allow the normal AV and other processing to occur further on down the policy.

Mike

0 Kudos
irivera
Level 7

Re: Help creating rule to deny uploads to file sharing sites Web Gateway 7.3

Thanks for the info.  I was looking at the wrong category (P2P/ File Sharing).  After i posted here, I played around with the rule for Webmail that i found in the McAfee KB (McAfee KnowledgeBase - Web Gateway - How to block Web Mail attachment uploads and downloads by media...), and added extra consideration the Personal Network storage with the same files types for blocking.  It appears to let me sign in to dropbox and see items but not upload. 

mcafee.JPG

Not sure if this is the best approach or if it leaves options where users can go around the rule, but from the little test i was able to perform (dropbox and onedrive) neither allowed me to upload files to it.  Posting my results in case it helps others with similar issue.

0 Kudos
ifrank
Level 9

Re: Re: Help creating rule to deny uploads to file sharing sites Web Gateway 7.3

Here is a Rule Set that pretty much does what msiemens explained above. It has the exception list needed. It also has an additional rule that blocks the link to the business solution. And it implements coaching for these sites, to help educate users. The sites covered are Dropbox and WeTransfer.

0 Kudos