How to exclude a specific file name from a file blocking rule


How to exclude a specific file name from a file blocking rule

L1 Bithead

I need to allow files of a specific name of a specific type to be exempted from a security profile file type blocking rule.

E.g. I want to allow a specific Chrome extension file (crx) from their webstore but no others.

The file blocking security profile definition can block CRX, but I can't find a way to allow a file of a specific name (the Chrome webstore unique GUID for the extension) of the CRX type to be downloaded.

Any assistance much appreciated.

Accepted Solutions

L2 Linker

@M.Bathgate wrote:

> I need to allow files of a specific name of a specific type to be exempted from a security profile file type blocking rule.
>
> E.g. I want to allow a specific Chrome extension file (crx) from their webstore but no others.
>
> The file blocking security profile definition can block CRX, but I can't find a way to allow a file of a specific name (the Chrome webstore unique GUID for the extension) of the CRX type to be downloaded.
>
> Any assistance much appreciated.


Hello @M.Bathgate 

I understand you are looking to create an exception for a specific file name whose file type is configured to be blocked in File Blocking. The file blocking profile does not provide the ability to configure exceptions; however, the URN to the file can be used to configure an exception leveraging the "Service/URL Category" field in a Security Policy rule.

So to go about this, you need to attempt to download the file from the webstore to determine the name of the security policy rule that blocked the file. From your Monitor > Data Filtering, you should be able to see the rule name and also possibly the URN which is blocked.

Go to Objects > Custom Objects > URL Category and create a new category that will be used for File Blocking exceptions. While creating the URL category, you need to click on 'Add' and specify the URN to the file. (Do not prepend http:// for the entry).

Clone the current Security Policy rule so that it precedes the currently matched Security Policy rule (blocking the file).

Open the newly cloned Security Policy rule for editing. Define a new name for it different from the security policy rule that is blocking the file name URN. Also, select the "Service/URL Category" tab, and define the URL Category you previously created.

Go to the Actions tab. Make sure that the newly cloned Security Policy either has no File Blocking profile defined (None), or that the one selected does not block the file-type that needs to be allowed.

Finally, commit your changes. After Commit succeeds, access to the otherwise blocked file will now be allowed.

Reference Link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAtvCAG&lang=en_US%E2%80%A...


L1 Bithead

Thanks, hadn't realized that you could use extensions within those definitions, though it raises a question over it not having a trailing /.

If we only have a definition of the file and not where it comes from, then I assume it accepts wildcards, but without a trailing / the file definition could be spoofed as a subfolder of the URI, e.g. */somefile.txt/. Will cater for most scenarios though.
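The following is an added illustration, not code from the thread or from Palo Alto Networks. It models the accepted answer's arrangement (a cloned rule matching a custom URL category, with no File Blocking profile, placed above the original rule that blocks CRX) as a tiny top-down rulebase evaluator, and then exercises the trailing-slash concern from the follow-up reply. The URL matching semantics are an assumption made for the model (an entry without a trailing slash covers the path and everything beneath it; an entry with a trailing slash covers only that exact path), so check the behaviour against the vendor's documented syntax before relying on it; the host name, extension id and sample URLs are constructed placeholders.

```python
"""Toy model of the File Blocking exception described in the accepted answer.

Added illustration, not PAN-OS code.  It mimics a top-down security rulebase
in which a cloned rule that matches a custom URL category and carries no
File Blocking profile sits above the original rule that blocks CRX files.
The URL matching here is an ASSUMED simplification (an entry without a
trailing slash matches the path and everything beneath it; an entry with a
trailing slash matches only that exact path), chosen to show the
trailing-slash point raised in the follow-up reply.  Host names and the
extension id are constructed placeholders.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import FrozenSet, List, Optional, Tuple
from urllib.parse import urlsplit


def normalize_url(url: str) -> str:
    """Reduce a URL to host/path, the form the custom category entry uses
    (the answer says not to prepend http://).  The query string is dropped
    in this simplified model."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return parts.netloc.lower() + parts.path


def entry_matches(entry: str, url: str) -> bool:
    """Assumed matching rules: '*' is a wildcard; a trailing '/' on the entry
    pins it to that exact path, otherwise the entry also covers any sub-path."""
    target = normalize_url(url)
    if entry.endswith("/"):
        return fnmatchcase(target, entry[:-1]) or fnmatchcase(target, entry)
    return fnmatchcase(target, entry) or fnmatchcase(target, entry + "/*")


@dataclass(frozen=True)
class Rule:
    name: str
    url_category: Optional[List[str]]   # entries of the custom category; None = any URL
    file_blocking: FrozenSet[str]       # file types the attached profile blocks; empty = None


def evaluate(rules: List[Rule], url: str, file_type: str) -> Tuple[str, bool]:
    """First rule whose URL category matches wins (top-down evaluation).
    Returns (rule name, whether a file of this type is allowed through)."""
    for rule in rules:
        if rule.url_category is not None and not any(
            entry_matches(e, url) for e in rule.url_category
        ):
            continue
        return rule.name, file_type.lower() not in rule.file_blocking
    return "implicit-deny", False


# --- constructed sample data (placeholders, not a real webstore) --------------
EXCEPTION_ENTRY = "webstore.example.com/extensions/EXTENSION_ID_PLACEHOLDER/extension.crx"
GOOD_URL = "https://" + EXCEPTION_ENTRY
OTHER_EXTENSION = "https://webstore.example.com/extensions/OTHER_ID_PLACEHOLDER/extension.crx"
LOOKALIKE_URL = GOOD_URL + "/other.crx"   # the "spoofed as a subfolder" case from the reply

# Cloned rule first (no File Blocking profile), original CRX-blocking rule second.
RULES = [
    Rule("allow-webstore-extension", [EXCEPTION_ENTRY], frozenset()),
    Rule("allow-web", None, frozenset({"crx"})),
]
# Same rulebase with the entry pinned by a trailing slash.
STRICT_RULES = [
    Rule("allow-webstore-extension", [EXCEPTION_ENTRY + "/"], frozenset()),
    Rule("allow-web", None, frozenset({"crx"})),
]


if __name__ == "__main__":
    for label, rules in (("prefix entry", RULES), ("trailing-slash entry", STRICT_RULES)):
        print(f"== {label}")
        for url in (GOOD_URL, OTHER_EXTENSION, LOOKALIKE_URL):
            rule, allowed = evaluate(rules, url, "crx")
            print(f"{'ALLOW' if allowed else 'BLOCK':5} via {rule:26} {url}")
    # Order matters: if the clone sits below the original rule it is never reached.
    print(evaluate(list(reversed(RULES)), GOOD_URL, "crx"))
```

Running it shows the intended extension allowed and every other CRX still blocked under both rulebases, while only the trailing-slash entry refuses the look-alike path beneath the file name; reversing the rule order shows why the clone has to precede the original rule.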
