cancel
Showing results for 
Search instead for 
Did you mean: 
sec-wartung
Level 7

Web Upload Filter configuration in MWG 7.0

Hello,

at the moment we use webwasher 6.8 as proxy. In the configuration I have enabled "Forbid uploads of all files (FTP)" in the Web-Upload Filter and configured the "Maximal size of uploaded parameter" and "Maximal size of uploaded file" for HTTP-Upload.

Now I configured webgateway 7.0. Can anyone tell me how can I configure these options in mwg 7.0. I can't find any information in the mwg product guide.

Thanks.

Best regards,

Janine

0 Kudos
7 Replies
McAfee Employee

Re: Web Upload Filter configuration in MWG 7.0

Hello Janine,

the parameter setting in the upload filter will no longer be required, as it was the setting in MWG to set an internal buffer more or less. MWG 7 handles this completely different. So no need to configure this .

For the size and fpt upload, you can use something like:

Size.jpg

I'm also attaching a rule sample.

best,

Michael

0 Kudos
sec-wartung
Level 7

Re: Web Upload Filter configuration in MWG 7.0

Hello Michael,

thanks for your sample rule. But I'm a little bit confused. You have set the criteria in the Upload Size Filtering ruleset to Connection.protocol equals HTTP or HTTPS and the Command.name to POST or PUT. In the Block FTP uploads rule you configure the connection.protocol to FTP and the command.name to PUT or MPUT.

How does this work? I have test it but the ftp upload is running. I can't see a blocking page because the filter works only for HTTP or HTTPS traffic. Should I create an extra ruleset only with FTP protocol and blocking ftp-uploads?

Why do you configure the action Continue not Block in your ruleset?

Thanks.

Best regards,
Janine

0 Kudos
McAfee Employee

Re: Web Upload Filter configuration in MWG 7.0

Good find! You are right - you need to add FTP to the protocols and you need to change the action to block of course. I generall don't set my rules to block, simply because I don't want them to block traffic in your org immediately and be liable for a block that is caused by a rule that I created and which might do something that you don't want.

best,

Michael

0 Kudos
itagsupport
Level 9

Re: Web Upload Filter configuration in MWG 7.0

Hi

In WW6.8, it was possible to completely block uploads through HTTP and FTP, while still allowing POSTs (for login credential transmission for example). How can this be achieved in MWG7? If I just block the POST command, quite a lot of things will not work anymore. Do I always have to combine with a size parameter? Is there any other possibility? When I use the size, users still can upload data up to the specified size.....

Michael; you wrote that the parameter max size doesn't have to be configured anymore. Wasn't that used exactly for the problem I mentioned?

Thanks for any info.

Regards

Roman

0 Kudos
McAfee Employee

Re: Web Upload Filter configuration in MWG 7.0

Hello,


sign ins are usually application/x-www-form-urlencoded whereas uploads are multipart/form-data. So just blocking multipart/form-data did the trick for me.

best,

Michael

0 Kudos
itagsupport
Level 9

Web Upload Filter configuration in MWG 7.0

Hi Michael

just blocking mutipart/form-data actually doesn't work very well in "the wild", as quite a lot of login form use this media type, even if it is mainly used for upload. So I probably go back to a filter base on size (content-length header) in order to have a similar behaviour as in 6.8.

Regards

Roman

0 Kudos
SHIV
Level 7

Web Upload Filter configuration in MWG 7.0

Hi Michael,

I trying to configure WebUpload Filter on MWG 7, I tested your Upload Size Filtering.xml rule set also.

based on your rule i did not get any block page for HTTP,HTTPS uploades.

my requirment is should get block HTTP & HTTPS and it should shows block action.

based on  your sample rule Upload Size Filtering ruleset :

Connection.protocol equals HTTPor HTTPS

and Command.name to POSTor PUT      [ But there is no block action for that ]

and i want to recrict uploads size for  HTTP & HTTPS traffic  ( all upodes should allow if it is below 5 Mb and  any uplodes more than 5 mb it should block through HTTP )

Please guide me how to do that ?

FTP uploads rule you configure the

connection.protocol to FTP and

command.name to PUT or MPUT. ( it is woking fine)

0 Kudos