Anyone has ever figured out how to block any inside hosts to upload any kind of file outside, but still allowing web browsing? The file blocking option support only specific type of files... and the APP-ID database doesn't have any king of basic http or https upload APP-ID.
I know it's not the better protection to configure but I'm trying to block any kind of file that is truing to be uploaded.
Currently the possible way to configure it is on the basis on APP-IDs like FTP, Dropbox etc instead of file types.
The other workaround will be - Create Custom Signature and limit file size upload. You can keep limit to minimal.
We have a similar policy like that, acces to online storage is denied through our default Internet URL policy.
We have another policy that allows access to online storage if you are a member of a specific AD group.
We also have a "read-only" policy that allows everyone access to the approved applications within online storage category and underneath the read-only policy is another policy that denies upload via app ID. I know that theorhetically we do not need the extra policy denying upload but I think it adds an extra layer of security.
Hope that makes sense.
The only problem with that is that it can be easily bypassed by using a simple http post on a website that is not categorize like Online storage... but at least it's a start we all do.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!