Users in enterprise often use web based file hosting to upload big files. This creates concerns in the usage of networks bandwidth and server storage capacity, as the files can be rather big.
Below steps are usefulto control filesize uploaded to a web server using the HTTP Request Content-Length parameter.
PAN-OS version: 6.1
1.Create a custom signature vulnerability
Go to Objects Tab > Custom Objects > Vulnerability, then click “Add”,Fill-in required fieldsas shown below:
Click “Signatures”Tab, then click “Add”. In Standard window, type in theSignature Name:
At the bottom of “Standard” window, click “Add And Condition”:
Inside “Or Condition” window, choose Operator to “Greater Than”, chooseContext to “http-req-content-length”. To limit file size up to 10 MB, we need to fill-in the Value in bytes, 10MB equals to “10485760”
Then click “OK”, click “OK” again.Or, you can just save below text as BLOCK-FILE-10MB.xml file and click “Import”in Objects Tab > Custom Objects > Vulnerability.