This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to block csv files download by File-Blocking

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to block csv files download by File-Blocking

paloalto.netfos
L4 Transporter

‎08-06-2012 08:13 PM

Hi All,

I just want to block csv files download by file-blocking, however I cann't find it in the file types.

Are there any ways to block it download?

Thanks,

Joy,

0 Likes Likes
9 REPLIES 9

rmonvon
L6 Presenter

‎08-06-2012 09:00 PM

Hi...CSV is just plain text file with commas separating the fields.  The PA device should identify the csv file as text file.  Thanks.

0 Likes Likes

paloalto.netfos
L4 Transporter
In response to rmonvon

‎08-06-2012 09:46 PM

Hi rmonvon,

Thanks for your answers, but I have tried upload a .txt text file to gmail and no any log about it displayed in the Data-Filtering. I also cann't see text or txt file type in the file-blocking file type.

My test unit is PA-5020 and PANOS is 4.1.6-h1.

Thanks,

Joy,

0 Likes Likes

rmonvon
L6 Presenter
In response to paloalto.netfos

‎08-06-2012 10:38 PM

My apology on the file blocking as we do not have a file type for .txt.  It would match many web contents since all web pages will have some text on them.  You could try defining a custom app signature to match .csv similar to the recommendation here to detect jpg and mp3:

For Data Filtering, we do have text/html as a file type to scan but Data Filtering is looking for a data pattern inside the file like credit card numbers.  You should also check to see if gmail is using SSL to encrypt the transfer as I believe it is.  You will have to enable SSL decryption on the PA5020 to inspect inside of SSL and scan the content for data patterns.

Thanks.

paloalto.netfos
L4 Transporter
In response to rmonvon

‎08-09-2012 08:23 PM

Hi rmonvon,


Thanks for reply, and what is default behavior when file-booking detects unknown file type, ignores but logs it? ignores without logs? bypass without anything? blocks it but logs it? blocks it without logs?



Thanks,

Joy,

0 Likes Likes

rmonvon
L6 Presenter
In response to paloalto.netfos

‎08-09-2012 09:09 PM

For unknown file types, the action would be bypass (allow) & no logging. 

jwolach
L4 Transporter
In response to paloalto.netfos

‎08-12-2012 12:06 PM

Are you decrypting the gmail traffic with a Forward-Proxy Rule?  If not, you will not see the file attachments because gmail is an encrypted application.

0 Likes Likes

jwolach
L4 Transporter

‎08-12-2012 02:50 PM

I just modified the .JPG App-ID signature for .CSV.  Here it is.  Just import it into the Application Object and create a Block Security Policy.

Preview file
2 KB

paloalto.netfos
L4 Transporter
In response to jwolach

‎08-12-2012 06:13 PM

Hi Jwolach,

Yes, I do ssl forward-proxy in my unit, and I can see the traffic log of gmail, but Data-Filtering is not.

0 Likes Likes

paloalto.netfos
L4 Transporter
In response to paloalto.netfos

‎08-12-2012 06:26 PM

Hi Jwolach,

Thanks for your sample, I will try it.

Regards,

Joy,

0 Likes Likes
  • 5784 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks