cancel
Showing results for 
Search instead for 
Did you mean: 

Web Upload Filter configuration in MWG 7.0

Hello,

at the moment we use webwasher 6.8 as proxy. In the configuration I have enabled "Forbid uploads of all files (FTP)" in the Web-Upload Filter and configured the "Maximal size of uploaded parameter" and "Maximal size of uploaded file" for HTTP-Upload.

Now I configured webgateway 7.0. Can anyone tell me how can I configure these options in mwg 7.0. I can't find any information in the mwg product guide.

Thanks.

Best regards,

Janine

7 Replies
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Web Upload Filter configuration in MWG 7.0

Hello Janine,

the parameter setting in the upload filter will no longer be required, as it was the setting in MWG to set an internal buffer more or less. MWG 7 handles this completely different. So no need to configure this .

For the size and fpt upload, you can use something like:

Size.jpg

I'm also attaching a rule sample.

best,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: Web Upload Filter configuration in MWG 7.0

Hello Michael,

thanks for your sample rule. But I'm a little bit confused. You have set the criteria in the Upload Size Filtering ruleset to Connection.protocol equals HTTP or HTTPS and the Command.name to POST or PUT. In the Block FTP uploads rule you configure the connection.protocol to FTP and the command.name to PUT or MPUT.

How does this work? I have test it but the ftp upload is running. I can't see a blocking page because the filter works only for HTTP or HTTPS traffic. Should I create an extra ruleset only with FTP protocol and blocking ftp-uploads?

Why do you configure the action Continue not Block in your ruleset?

Thanks.

Best regards,
Janine

McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: Web Upload Filter configuration in MWG 7.0

Good find! You are right - you need to add FTP to the protocols and you need to change the action to block of course. I generall don't set my rules to block, simply because I don't want them to block traffic in your org immediately and be liable for a block that is caused by a rule that I created and which might do something that you don't want.

best,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: Web Upload Filter configuration in MWG 7.0

Hi

In WW6.8, it was possible to completely block uploads through HTTP and FTP, while still allowing POSTs (for login credential transmission for example). How can this be achieved in MWG7? If I just block the POST command, quite a lot of things will not work anymore. Do I always have to combine with a size parameter? Is there any other possibility? When I use the size, users still can upload data up to the specified size.....

Michael; you wrote that the parameter max size doesn't have to be configured anymore. Wasn't that used exactly for the problem I mentioned?

Thanks for any info.

Regards

Roman

McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: Web Upload Filter configuration in MWG 7.0

Hello,


sign ins are usually application/x-www-form-urlencoded whereas uploads are multipart/form-data. So just blocking multipart/form-data did the trick for me.

best,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Web Upload Filter configuration in MWG 7.0

Hi Michael

just blocking mutipart/form-data actually doesn't work very well in "the wild", as quite a lot of login form use this media type, even if it is mainly used for upload. So I probably go back to a filter base on size (content-length header) in order to have a similar behaviour as in 6.8.

Regards

Roman

SHIV
Level 7
Report Inappropriate Content
Message 8 of 8

Web Upload Filter configuration in MWG 7.0

Hi Michael,

I trying to configure WebUpload Filter on MWG 7, I tested your Upload Size Filtering.xml rule set also.

based on your rule i did not get any block page for HTTP,HTTPS uploades.

my requirment is should get block HTTP & HTTPS and it should shows block action.

based on  your sample rule Upload Size Filtering ruleset :

Connection.protocol equals HTTPor HTTPS

and Command.name to POSTor PUT      [ But there is no block action for that ]

and i want to recrict uploads size for  HTTP & HTTPS traffic  ( all upodes should allow if it is below 5 Mb and  any uplodes more than 5 mb it should block through HTTP )

Please guide me how to do that ?

FTP uploads rule you configure the

connection.protocol to FTP and

command.name to PUT or MPUT. ( it is woking fine)

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.