This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Blocking via file extension (Text only)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Blocking via file extension (Text only)

choff123
L3 Networker

‎02-26-2013 10:49 AM

Am I able to block via file extension, the text file extension ony, without any inspection and/or identification by the Palo Alto unit?

I want to block jar files but the PA keeps telling me they are zip files and then allows them. I would like to block anything named *.jar no matter what the PA identifies it as.

Thanks!

0 Likes Likes
5 REPLIES 5

michael_allen
Not applicable

‎02-26-2013 10:58 AM

I have blocked exe files sucessfully and jar files are listed in the file blocking security profile.  Add the .jar top the security profile then apply that profile to a policy or profile group.

0 Likes Likes

mbutt
L5 Sessionator

‎02-26-2013 11:02 AM

Hi,

When firewall blocks the files it is not based on the extension. PAN inspect the file and then block it. If it was just being blocked on the extension then anybody would be able to change the extension and send the firewall. If the file is being wrongfully identified then i would suggest you open a case with the support and provide the file to them to further investigate the issue.

Hope this helps.

Thank you

Numan

choff123
L3 Networker
In response to mbutt

‎02-26-2013 11:19 AM

i understand why you want to inspect the file/protocol etc..

but blocking based on file extension has its place too.

I guess ill call support b/c most all of the time the jar files are being id'ed as zip files.

plus PA doesnt have the pack.gz filetype, so id like to be able to just block that based on the file extention.

thanks

0 Likes Likes

choff123
L3 Networker
In response to michael_allen

‎02-26-2013 11:47 AM

PA3.JPG

upon further inspection i noticed they are being block albeit in a roundabout way.

the jar file (which is set to be blocked) creates an alert BUT the block page says a class file (which ive also set to be blocked) is being blocked so... I hope they are still being blocked if they do not contain a class file (is that even possible/practical?.. possibly if youre a 'bad guy').

0 Likes Likes

mikand
L6 Presenter
In response to choff123

‎02-27-2013 12:15 AM

This blocking of jar files, is it only for browsers or for email etc aswell?

If its just for browsers then it should work if you create an url-filter blocking *.jar (given that you want to block on extension and not on contents). And/Or create a custom app using http as base and define uri or url to end with *.jar OR the mime-extension which is being used (I think its "application/java-archive") - the custom appid should contain both rules (as an OR).

0 Likes Likes
  • 4580 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks