In my environment, some developers use NuGet in Visual Studio, and in certain cases, commands will call out and download PowerShell scripts.
Obviously I want generally to block PowerShell script downloads, but in special cases I need to allow them when they come from specific places. Unfortunately for my devs, since we wholesale block .ps1 files, sometimes their NuGet package processes end up causing the traffic to hit the Block-Continue page on our firewalls, which prevents their package downloads from completing properly.
What is considered best practice in this type of scenario? New Policy object(s)?
there are several ways to work around this
are your devs on static IP addresses ? you could create exclusions (in the profile) so their IP's don't hit this profile, or create a separate securtity policy entirely
if you have User-ID deployed, you could create a policy that allows their group/user-ids to bypass this profile
You could create a custom security policy that utilizes a different file blocking profile for nuget.org and api.nuget.org via URL Filtering. This would allow the developers to download what they need specific to that URL.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!