Block Wetransfer Upload

Reply
L3 Networker

Re: Block Wetransfer Upload

@vsys_remobut I added a url filtering profile and set some of the categories to "alert". I see my custom url category there too and set that to alert, but no dice

 

What do you mean by 'log-all' profile? How is that setup?

L7 Applicator

Re: Block Wetransfer Upload

@ce1028

What I meant with this log all profile is an URL filteting profile like the following:

  • Set all categories to action "alert" (The custom ones I would set to "none" but this is up to you)
  • Disable the checkbox at "Log container page only" (helpful in your case, but depending on the art of connection it could generate quite a few logs

Is my assumption correct that the profile that you applied has the log container page only checkbox activated? 

L3 Networker

Re: Block Wetransfer Upload

@vsys_remoyou were correct, the Log container page only option was enabled. I disabled and now it's logged.  Question though, did I have to uncheck the log container page only because I used the custom url category in the security policy rule, or is it unrelated?

L7 Applicator

Re: Block Wetransfer Upload

@ce1028

With that option enabled the firewall only logs specific MIME types. This option should enable URL logging without generating potentially extremely high logrates (modern websites - spcially highly dynamic websites - where javascript loads content in the background, keepalives are sent and javascripts, images, css that are fetched from everywhere in the internet will generate high amounts of logs that are not very useful in most cases).

In your case the requests to the domains in your custom URL category are not matching the default MIME types so they were not logged. You have now the option to keep this config with the log container page only disabled or you add the MIME type used for this website to the Container pages config.

L3 Networker

Re: Block Wetransfer Upload

@vsys_remo thank you for clarifying. For this purpose, I shall create a seperate URL profile and turn the option off

L1 Bithead

Re: Block Wetransfer Upload

Hi MikeC, quick question please. Do we need set this policy (with wetransfer-eu-prod-outgoing.s3.amazonaws.com) to Deny Action? And then create rule with allow using wetransfer? This link only for uploading? Thanks in advance!

Highlighted
L3 Networker

Re: Block Wetransfer Upload

Hi,

 

Not to deny. In my situation, I always block uploads with a File Blocking policy.  What I needed was to allow uploads for only wetransfer. Since PAN was seeing the wetransfer upload traffic as application 'ssl', I need to add these urls to allow uploading only for wetransfer

 

If you typically allow uploading and want to only block wetransfer uploads, then yes, you can use deny action

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!