at the moment we use webwasher 6.8 as proxy. In the configuration I have enabled "Forbid uploads of all files (FTP)" in the Web-Upload Filter and configured the "Maximal size of uploaded parameter" and "Maximal size of uploaded file" for HTTP-Upload.
Now I configured webgateway 7.0. Can anyone tell me how can I configure these options in mwg 7.0. I can't find any information in the mwg product guide.
the parameter setting in the upload filter will no longer be required, as it was the setting in MWG to set an internal buffer more or less. MWG 7 handles this completely different. So no need to configure this .
For the size and fpt upload, you can use something like:
I'm also attaching a rule sample.
thanks for your sample rule. But I'm a little bit confused. You have set the criteria in the Upload Size Filtering ruleset to Connection.protocol equals HTTP or HTTPS and the Command.name to POST or PUT. In the Block FTP uploads rule you configure the connection.protocol to FTP and the command.name to PUT or MPUT.
How does this work? I have test it but the ftp upload is running. I can't see a blocking page because the filter works only for HTTP or HTTPS traffic. Should I create an extra ruleset only with FTP protocol and blocking ftp-uploads?
Why do you configure the action Continue not Block in your ruleset?
Good find! You are right - you need to add FTP to the protocols and you need to change the action to block of course. I generall don't set my rules to block, simply because I don't want them to block traffic in your org immediately and be liable for a block that is caused by a rule that I created and which might do something that you don't want.
In WW6.8, it was possible to completely block uploads through HTTP and FTP, while still allowing POSTs (for login credential transmission for example). How can this be achieved in MWG7? If I just block the POST command, quite a lot of things will not work anymore. Do I always have to combine with a size parameter? Is there any other possibility? When I use the size, users still can upload data up to the specified size.....
Michael; you wrote that the parameter max size doesn't have to be configured anymore. Wasn't that used exactly for the problem I mentioned?
Thanks for any info.
sign ins are usually
application/x-www-form-urlencoded whereas uploads are multipart/form-data. So just blocking multipart/form-data did the trick for me.
just blocking mutipart/form-data actually doesn't work very well in "the wild", as quite a lot of login form use this media type, even if it is mainly used for upload. So I probably go back to a filter base on size (content-length header) in order to have a similar behaviour as in 6.8.
I trying to configure WebUpload Filter on MWG 7, I tested your Upload Size Filtering.xml rule set also.
based on your rule i did not get any block page for HTTP,HTTPS uploades.
my requirment is should get block HTTP & HTTPS and it should shows block action.
based on your sample rule Upload Size Filtering ruleset :
Connection.protocol equals HTTPor HTTPS
and Command.name to POSTor PUT [ But there is no block action for that ]
and i want to recrict uploads size for HTTP & HTTPS traffic ( all upodes should allow if it is below 5 Mb and any uplodes more than 5 mb it should block through HTTP )
Please guide me how to do that ?
FTP uploads rule you configure the
connection.protocol to FTP and
command.name to PUT or MPUT. ( it is woking fine)