7 Replies Latest reply on Mar 2, 2011 6:16 AM by itagsupport

    Web Upload Filter configuration in MWG 7.0

    sec-wartung

      Hello,

       

      at the moment we use webwasher 6.8 as proxy. In the configuration I have enabled "Forbid uploads of all files (FTP)" in the Web-Upload Filter and configured the "Maximal size of uploaded parameter" and "Maximal size of uploaded file" for HTTP-Upload.

      Now I configured webgateway 7.0. Can anyone tell me how can I configure these options in mwg 7.0. I can't find any information in the mwg product guide.

       

      Thanks.

       

      Best regards,

      Janine

        • 1. Re: Web Upload Filter configuration in MWG 7.0
          michael_schneider

          Hello Janine,

           

          the parameter setting in the upload filter will no longer be required, as it was the setting in MWG to set an internal buffer more or less. MWG 7 handles this completely different. So no need to configure this .

          For the size and fpt upload, you can use something like:

           

          Size.jpg

          I'm also attaching a rule sample.

           

          best,

          Michael

          • 2. Re: Web Upload Filter configuration in MWG 7.0
            sec-wartung

            Hello Michael,

             

            thanks for your sample rule. But I'm a little bit confused. You have set the criteria in the Upload Size Filtering ruleset to Connection.protocol equals HTTP or HTTPS and the Command.name to POST or PUT. In the Block FTP uploads rule you configure the connection.protocol to FTP and the command.name to PUT or MPUT.

             

            How does this work? I have test it but the ftp upload is running. I can't see a blocking page because the filter works only for HTTP or HTTPS traffic. Should I create an extra ruleset only with FTP protocol and blocking ftp-uploads?

             

            Why do you configure the action Continue not Block in your ruleset?

             

            Thanks.

             

            Best regards,
            Janine

            • 3. Re: Web Upload Filter configuration in MWG 7.0
              michael_schneider

              Good find! You are right - you need to add FTP to the protocols and you need to change the action to block of course. I generall don't set my rules to block, simply because I don't want them to block traffic in your org immediately and be liable for a block that is caused by a rule that I created and which might do something that you don't want.

               

              best,

              Michael

              • 4. Re: Web Upload Filter configuration in MWG 7.0
                itagsupport

                Hi

                 

                In WW6.8, it was possible to completely block uploads through HTTP and FTP, while still allowing POSTs (for login credential transmission for example). How can this be achieved in MWG7? If I just block the POST command, quite a lot of things will not work anymore. Do I always have to combine with a size parameter? Is there any other possibility? When I use the size, users still can upload data up to the specified size.....

                Michael; you wrote that the parameter max size doesn't have to be configured anymore. Wasn't that used exactly for the problem I mentioned?

                 

                Thanks for any info.

                Regards

                Roman

                • 5. Re: Web Upload Filter configuration in MWG 7.0
                  michael_schneider

                  Hello,


                  sign ins are usually application/x-www-form-urlencoded whereas uploads are multipart/form-data. So just blocking multipart/form-data did the trick for me.

                   

                  best,

                  Michael

                  • 6. Web Upload Filter configuration in MWG 7.0

                    Hi Michael,

                     

                    I trying to configure WebUpload Filter on MWG 7, I tested your Upload Size Filtering.xml rule set also.

                     

                    based on your rule i did not get any block page for HTTP,HTTPS uploades.

                     

                    my requirment is should get block HTTP & HTTPS and it should shows block action.

                     

                    based on  your sample rule Upload Size Filtering ruleset :

                    Connection.protocol equals HTTPor HTTPS

                    and Command.name to POSTor PUT      [ But there is no block action for that ]

                     

                    and i want to recrict uploads size for  HTTP & HTTPS traffic  ( all upodes should allow if it is below 5 Mb and  any uplodes more than 5 mb it should block through HTTP )

                     

                    Please guide me how to do that ?

                     

                    FTP uploads rule you configure the

                    connection.protocol to FTP and

                    command.name to PUT or MPUT. ( it is woking fine)

                    • 7. Web Upload Filter configuration in MWG 7.0
                      itagsupport

                      Hi Michael

                       

                      just blocking mutipart/form-data actually doesn't work very well in "the wild", as quite a lot of login form use this media type, even if it is mainly used for upload. So I probably go back to a filter base on size (content-length header) in order to have a similar behaviour as in 6.8.

                       

                      Regards

                      Roman