topic file blocking by size in Advanced Threat Prevention Discussions

file blocking by size

Amr-Alzoghby — Sun, 20 Sep 2020 10:59:29 GMT

How to block download file by size os 9.1 ??

Re: file blocking by size

reaper — Sun, 20 Sep 2020 11:07:37 GMT

You can create a custom threat and have it trigger once a byte count is exceeded

Re: file blocking by size

Amr-Alzoghby — Mon, 21 Sep 2020 05:46:19 GMT

could you explain the steps

Re: file blocking by size

reaper — Mon, 21 Sep 2020 09:35:26 GMT

in objects > custom object > threats create a new threat, give it a nice name and an ID

in the signatures add a new signature, set it to 'session' scope (as you want to count many packets, not just the size of 1) and add a condition with perator greater than, for context http-rsp-content-length, or any other context that may apply and then set the size you want to hit on