This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Blocking all files upload

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Blocking all files upload

mchartier
L1 Bithead

‎04-10-2020 11:38 AM

Hi, 

 

Anyone has ever figured out how to block any inside hosts to upload any kind of file outside, but still allowing web browsing? The file blocking option support only specific type of files... and the APP-ID database doesn't have any king of basic http or https upload APP-ID.

 

I know it's not the better protection to configure but I'm trying to block any kind of file that is truing to be uploaded.

 

Thanks, 

0 Likes Likes
5 REPLIES 5

rkoenig
L3 Networker

‎04-10-2020 01:21 PM

Hmmm I thought you could choose ANY in Filetypes, Im assuming that even when you do choose ANY it still doesnt work? 

0 Likes Likes

mchartier
L1 Bithead
In response to rkoenig

‎04-10-2020 01:59 PM

Exactly ANY = ANY files in the supported list in file blocking... so not really ANY files type...

 

So not really scalable.

SutareMayur
L6 Presenter
In response to mchartier

‎04-12-2020 06:14 AM

@mchartier,

 

Currently the possible way to configure it is on the basis on APP-IDs like FTP, Dropbox etc instead of file types.

The other workaround will be - Create Custom Signature and limit file size upload. You can keep limit to minimal.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

rkoenig
L3 Networker
In response to SutareMayur

‎04-13-2020 11:24 AM

We have a similar policy like that, acces to online storage is denied through our default Internet URL policy.
We have another policy that allows access to online storage if you are a member of a specific AD group.
We also have a "read-only" policy that allows everyone access to the approved applications within online storage category and underneath the read-only policy is another policy that denies upload via app ID. I know that theorhetically we do not need the extra policy denying upload but I think it adds an extra layer of security.

Hope that makes sense. 

0 Likes Likes

mchartier
L1 Bithead
In response to rkoenig

‎04-13-2020 11:27 AM

The only problem with that is that it can be easily bypassed by using a simple http post on a website that is not categorize like Online storage... but at least it's a start we all do. 

 

 

  • 8307 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks