This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

how to block mp3 ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to block mp3 ?

LCMember4717
L3 Networker

‎01-02-2012 06:30 AM

hi ,

i just got a request from a custoer on how to block mp3.. so as currently PanOS doesnt detect it , can we add it as a signature ?

BR

0 Likes Likes
10 REPLIES 10

rmonvon
L6 Presenter

‎01-02-2012 10:48 AM

You can write a custom app to detect .mp3 extension in HTTP.  Enclosed is a custom appID to look for .jpg images written for PAN-OS verison 3.1.x.  The signature is looking in the URI path and matching on  the string ‘\.jpg HTTP’ without the quote.  Typically the web request would look like this:

GET /images/twitter_corp.jpg HTTP/1.1\r\n

GET /images/logo.jpg HTTP/1.1\r\n

Please import this appID into the PA device and test.  Once verified, you can clone the app and change the app to match .mp3. 

Thanks.

Preview file
3 KB

LCMember4717
L3 Networker
In response to rmonvon

‎01-03-2012 05:52 AM

hi,

it did not work for the site which am testing for ill attach the screenshot, i also did several test on other site some of them show the extension up to .mp3 some not ...

Preview file
54 KB
0 Likes Likes

rmonvon
L6 Presenter
In response to LCMember4717

‎01-03-2012 09:19 AM

The custom signature is looking for pattern '.jpg HTTP' in the URI.  If you changed the pattern to '.mp3 HTTP', then we are looking for this pattern and it must be an exact match.  Your example has URI '...dh-wahshny.html HTTP/1.1' which does not contain '.mp3 HTTP'.

My suggestion will not catch all .mp3 files if the downloaded content does not end in .mp3 extension.  You may want to contact your local Palo Alto account team and submit a feature request.

Thanks.

Bart_Jocque
L3 Networker

‎01-06-2012 04:58 AM

Maybe you try to make a data-filtering profile for the file-type mp3 ?

- Edit - seems indeed that mp3 is not amongst the supported file-types.

You could enter a feature request to add this file-type...

Message was edited by: Bart.Jocque

0 Likes Likes

LCMember4717
L3 Networker
In response to Bart_Jocque

‎01-08-2012 12:18 AM

well i dont think this even will work.. even if i tried to block a url with *.mp3 it wont work as some sites hide the extension from the url ..

0 Likes Likes

ksuuk
Not applicable

‎04-30-2012 10:52 AM

Now it does, mp3 and also mp4.

0 Likes Likes

mikand
L6 Presenter
In response to ksuuk

‎04-30-2012 11:54 AM

Is it possible for you to attach your signature that works?

I think you must act on both fileextension aswell as mimetype if you write your own signature, something like:

fileext: .mp3

OR

mime-type: audio/mp3 (or whatever its called)

however this can be evaded by using octet-stream as mime-type and then the client app will detect what this file is based on magic bytes.

If im not mistaken the file function in PA (when you select filetypes) will to both fileext, mimetype and magic bytes to detect files however the file detection in PA currently only works for http, ftp, smtp, pop3 and imap streams (if im not mistaken).

0 Likes Likes

ksuuk
Not applicable
In response to mikand

‎04-30-2012 12:56 PM

No special signature, just now there's (I'm running 4.1.6) option to block mp3's and mp4's with File Blocking. See the attached image.

Preview file
61 KB

LCMember4717
L3 Networker
In response to ksuuk

‎05-01-2012 07:10 AM

it looks starting from 4.1.4 mp3 and mp4 can be added to file blocking profiles, i will test and update here guys.

0 Likes Likes

Asanka
L2 Linker
In response to LCMember4717

‎05-22-2012 11:09 PM

Hi,

Still it is not working. Please try below and will it be there a perment solution?

http://www.hirufm.lk/musicdownloads/audio-93

Thanks,

Asanka

0 Likes Likes
  • 9362 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks