https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/360305#M88083 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;wrote:<BR /><P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/61214">@grenzi</a> ,</P><P>&nbsp;</P><P>Looking at the session details, can you see if the sessions are actually decrypted successfully ? Just thinking out loud here ... do you allow the session if decryption fails ?</P><P>Are you seeing the same behaviour in both PAN-OS 10.0 and 9.0 ?</P><P>&nbsp;</P><P>Cheersm</P><P>-Kiwi.</P><DIV>&nbsp;</DIV><HR /></BLOCKQUOTE><P>Hi Kiwi,</P><P>&nbsp;</P><P>&nbsp;I just figured it out that this behavior could be related to HTTP2. After disabling HTTP2 on the NGINX server, files are correctly blocked in upload as expected. I also found that decryption doesn't work on 9.0 and 9.1 with HTTP2, while in 10.0 it does. I think I have to deepen on how HTTP2 works and why the firewall is unable to detect file uploads while it correctly detects dowloads.</P> Mon, 02 Nov 2020 17:43:05 GMT grenzi 2020-11-02T17:43:05Z https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/359593#M87997 <P>Hello everybody,</P><P>&nbsp;</P><P>&nbsp; the thread subject is pretty self explanatory. I'm playing with the file-blocking feature and doing some testing. What I've found in my lab environment, using both PAN-OS 10.0.1 and PAN-OS 9.0.9 and both VM-Series an PA-820 appliance, is that file blocking is not always working with application owncloud-uploading.</P><P>&nbsp;</P><P>I have a file-blocking profile configured to block pdf, exe and msi files in both directions (upload and download) and this is what I just found.</P><P>&nbsp;</P><P>**Scenario 1**</P><P>Web server: Apache 2.4</P><P>Application: Nextcloud 19.0.4</P><P>Server architecture: x86-64</P><P>PHP: php-fpm</P><P>SSL forward proxy: enabled</P><P>&nbsp;</P><P>Scenario 2</P><P>WebServer: NGINX 1.19</P><P>Application: Nextcloud 19.0.4</P><P>Server architecture: ARM</P><P>PHP: php-fpm</P><P>SSL forward proxy: enabled</P><P>&nbsp;</P><P>In Scenario 1, if I try to upload or download any of the blocked file types, the firewall correctly denies the session as expected and logs the event into the data filtering logs.</P><P>&nbsp;</P><P>In Scenario 2, if I try to download any of the blocked file types, the firewalls denies the session as expected, but if I try to upload the file the firewall permits the session and the upload is successful.</P><P>&nbsp;</P><P>Any idea on how to investigate deeper into this issue? I will update this thread as soon I have time to try other web application on a NGINX web server.</P><P>&nbsp;</P><P>Thanks</P> Thu, 29 Oct 2020 11:48:03 GMT https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/359593#M87997 grenzi 2020-10-29T11:48:03Z https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/360263#M88078 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/61214">@grenzi</a> ,</P> <P>&nbsp;</P> <P>Looking at the session details, can you see if the sessions are actually decrypted successfully ? Just thinking out loud here ... do you allow the session if decryption fails ?</P> <P>Are you seeing the same behaviour in both PAN-OS 10.0 and 9.0 ?</P> <P>&nbsp;</P> <P>Cheersm</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Mon, 02 Nov 2020 14:42:51 GMT https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/360263#M88078 kiwi 2020-11-02T14:42:51Z https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/360305#M88083 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;wrote:<BR /><P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/61214">@grenzi</a> ,</P><P>&nbsp;</P><P>Looking at the session details, can you see if the sessions are actually decrypted successfully ? Just thinking out loud here ... do you allow the session if decryption fails ?</P><P>Are you seeing the same behaviour in both PAN-OS 10.0 and 9.0 ?</P><P>&nbsp;</P><P>Cheersm</P><P>-Kiwi.</P><DIV>&nbsp;</DIV><HR /></BLOCKQUOTE><P>Hi Kiwi,</P><P>&nbsp;</P><P>&nbsp;I just figured it out that this behavior could be related to HTTP2. After disabling HTTP2 on the NGINX server, files are correctly blocked in upload as expected. I also found that decryption doesn't work on 9.0 and 9.1 with HTTP2, while in 10.0 it does. I think I have to deepen on how HTTP2 works and why the firewall is unable to detect file uploads while it correctly detects dowloads.</P> Mon, 02 Nov 2020 17:43:05 GMT https://live.paloaltonetworks.com/t5/general-topics/file-blocking-feature-not-working-with-owncloud-uploading/m-p/360305#M88083 grenzi 2020-11-02T17:43:05Z