Hi all, in order to prevent users from uploading data to the Personal Share network and File Sharing categories, I need to create a rule to block the outgoing flow and allow the incoming one (download). Has anybody built this kind of rule? SSL Scanner is enabled, so the proxy will be able to decrypt the flow.
I can't find a simple rule to block these categories (e.g. WeTransfer, Box, Dropbox, etc.), only Application Control (I don't know this feature).
My version of MWG is 9.2.8 (35765). Thank you for your feedback. Andre
Categories won't help in this case, as they are used to block access completely. In order to control "features" of such an "application", the Application Control feature is the correct one. It allows you to filter in more detail for specific URLs.
In order to allow/block specific features you need to work out the specific URLs or check if the request is a POST/GET request to allow/block access.
Usually you would manually make a rule like "URL matches upload.dropbox.com/upload AND Command.Name equals POST Then Block", to block uploads. In case the "upload" path within Dropbox changes, you would need to re-configure your rules.
Application Control does exactly this. It knows an application and the URLs/methods used to call specific features within this application, so it might be the right thing for you.
However, it does not provide an "overall" configuration like "Do not allow uploads for any Personal Storage" web site. In such cases I would use a more generic approach and say "If URL.Categories contains Personal Storage AND Command.Name equals POST AND Body.Size > 20480 Then Block". This would allow all POSTs up to a size of 20 KB, so it should allow login attempts, but block an upload.
Note: Technically a POST to login, a POST to search and a POST to upload are the same. There is no such thing as "upload" in HTTP, so blocking all POSTs will prevent users from logging in. The size, or maybe working with the media type filter, can help to differentiate between "upload" and login/search requests.
Hello, thank you for your reply.
Your advice with the "generic" approach works with some PSN like "grosfichiers" or "dropbox", but not with "wetransfer", which lets the user upload big files while MWG notifies that it is blocked? Strange. Attached are the rule and the rule tracing.
Best regards. Andre
The rule seems to show that the upload is successfully blocked. Can you check if the file that was uploaded is actually a usable file or just an empty object?
If the file is uploaded, they probably try to upload and, in case that fails, call some other local code and upload using a different way. You should run the web developer tools of the browser and check if there is any other POST or PUT to some other destination, which contains the uploaded file.
Is there any other way for the browser to get to the internet, e.g. by ignoring the proxy or using UDP traffic? They may try to find an alternative way to upload the data once the first upload attempt is blocked.
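Added example, not part of the original posts and not MWG rule syntax: a Python model of the generic rule from the first reply (`URL.Categories`, `Command.Name`, `Body.Size > 20480`), run over constructed request records, that lists the large-body POST/PUT requests the rule still allows, which is the review the last reply suggests doing with the browser developer tools. The `Request` type, host names and the "Content Server" category label are assumptions made for the illustration.

```python
from dataclasses import dataclass

UPLOAD_LIMIT = 20480                  # bytes; the Body.Size threshold from the thread
CATEGORY = "Personal Storage"         # category named in the generic rule

@dataclass(frozen=True)
class Request:                        # hypothetical record, one per proxied request
    host: str
    categories: frozenset             # stands in for URL.Categories
    method: str                       # stands in for Command.Name
    body_size: int                    # stands in for Body.Size

def generic_rule(req, methods=("POST",)):
    """Model of: category AND method AND Body.Size > limit Then Block."""
    if (CATEGORY in req.categories and req.method in methods
            and req.body_size > UPLOAD_LIMIT):
        return "Block"
    return "Allow"

def allowed_large_bodies(requests, methods=("POST",)):
    """Large POST/PUT bodies the rule still lets through, for manual review."""
    return [r for r in requests
            if r.method in ("POST", "PUT")
            and r.body_size > UPLOAD_LIMIT
            and generic_rule(r, methods) == "Allow"]

# Constructed sample traffic (not taken from the thread's rule trace).
SAMPLE = [
    Request("files.example", frozenset({CATEGORY}), "POST", 512),        # login form
    Request("files.example", frozenset({CATEGORY}), "POST", 5_000_000),  # upload
    Request("files.example", frozenset({CATEGORY}), "PUT", 5_000_000),   # upload via PUT
    Request("blobs.example", frozenset({"Content Server"}), "POST", 5_000_000),  # other destination
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.method:4} {r.host:14} {r.body_size:>8}  {generic_rule(r)}")
    print("review:", [(r.method, r.host) for r in allowed_large_bodies(SAMPLE)])
```

Passing `methods=("POST", "PUT")` models extending the rule to both methods; the request to a host outside the category then remains the only entry left to review.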