how to block mp3 ?


L3 Networker

Hi,

I just got a request from a customer on how to block mp3. As PAN-OS currently doesn't detect it, can we add it as a signature?

BR

10 REPLIES

L6 Presenter

You can write a custom app to detect the .mp3 extension in HTTP. Enclosed is a custom appID to look for .jpg images, written for PAN-OS version 3.1.x. The signature is looking in the URI path and matching on the string ‘\.jpg HTTP’ without the quotes. Typically the web request would look like this:

GET /images/twitter_corp.jpg HTTP/1.1\r\n

GET /images/logo.jpg HTTP/1.1\r\n

Please import this appID into the PA device and test.  Once verified, you can clone the app and change the app to match .mp3. 

Thanks.

Hi,

It did not work for the site which I am testing; I'll attach the screenshot. I also did several tests on other sites; some of them show the extension up to .mp3, some not ...

The custom signature is looking for pattern '.jpg HTTP' in the URI.  If you changed the pattern to '.mp3 HTTP', then we are looking for this pattern and it must be an exact match.  Your example has URI '...dh-wahshny.html HTTP/1.1' which does not contain '.mp3 HTTP'.

My suggestion will not catch all .mp3 files if the downloaded content does not end in .mp3 extension.  You may want to contact your local Palo Alto account team and submit a feature request.

Thanks.

L3 Networker

Maybe you could try making a data-filtering profile for the file-type mp3?

- Edit - seems indeed that mp3 is not amongst the supported file-types.

You could enter a feature request to add this file-type...

Message was edited by: Bart.Jocque

Well, I don't think this will even work. Even if I tried to block a URL with *.mp3 it won't work, as some sites hide the extension from the URL.

Not applicable

Now it does, mp3 and also mp4.

Is it possible for you to attach your signature that works?

I think you must act on both file extension as well as MIME type if you write your own signature, something like:

fileext: .mp3

OR

mime-type: audio/mp3 (or whatever it's called)

However, this can be evaded by using octet-stream as the mime-type, and then the client app will detect what this file is based on magic bytes.

If I'm not mistaken, the file function in PA (when you select filetypes) will do both fileext, mimetype and magic bytes to detect files; however, the file detection in PA currently only works for http, ftp, smtp, pop3 and imap streams (if I'm not mistaken).
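To make the three signals discussed above concrete, here is an added example (not from any poster and not PAN-OS's implementation) that classifies an HTTP response by URI extension, Content-Type and leading magic bytes. The sample requests, paths and bodies are constructed, and the MIME list is an assumption about commonly seen values.

```python
import re

# Extension match on the request line, like the custom App-ID pattern in the thread.
URI_EXT = re.compile(rb"^GET \S+\.mp3 HTTP/", re.I)
# Assumed list of MIME types commonly used for MP3; audio/mpeg is the registered one.
AUDIO_MIME = {"audio/mpeg", "audio/mp3", "audio/mpeg3", "audio/x-mpeg-3"}

def is_mp3_frame(b):
    """True if b starts with a plausible MPEG audio Layer III frame header."""
    if len(b) < 4 or b[0] != 0xFF or (b[1] & 0xE0) != 0xE0:
        return False                  # 11-bit frame sync missing
    version = (b[1] >> 3) & 0x3       # 01 is reserved
    layer = (b[1] >> 1) & 0x3         # 01 means Layer III
    bitrate = (b[2] >> 4) & 0xF       # 1111 is invalid
    srate = (b[2] >> 2) & 0x3         # 11 is reserved
    return version != 1 and layer == 1 and bitrate != 0xF and srate != 3

def magic_is_mp3(body):
    """An ID3v2 tag or a bare MP3 frame at the start of the body."""
    return body[:3] == b"ID3" or is_mp3_frame(body[:4])

def classify(request_line, content_type, body):
    """Return the set of signals that identify the transfer as MP3."""
    hits = set()
    if URI_EXT.search(request_line):
        hits.add("ext")
    if content_type.split(";")[0].strip().lower() in AUDIO_MIME:
        hits.add("mime")
    if magic_is_mp3(body):
        hits.add("magic")
    return hits

# Constructed samples: (request line, Content-Type, first bytes of the body).
ID3_BODY = b"ID3\x03\x00\x00\x00\x00\x0f\x76" + b"\x00" * 16
FRAME_BODY = b"\xff\xfb\x90\x64" + b"\x00" * 16
SAMPLES = [
    (b"GET /music/song.mp3 HTTP/1.1", "audio/mpeg", ID3_BODY),
    (b"GET /dl/audio-93 HTTP/1.1", "application/octet-stream", FRAME_BODY),
    (b"GET /page.html HTTP/1.1", "text/html; charset=utf-8", b"<html>"),
]

if __name__ == "__main__":
    for line, ctype, body in SAMPLES:
        print(line.decode(), "->", sorted(classify(line, ctype, body)) or "not mp3")
```

The second sample is the case the thread keeps running into: no .mp3 in the URI and a generic Content-Type, so only the content check identifies the file.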

No special signature, just now there's (I'm running 4.1.6) an option to block mp3's and mp4's with File Blocking. See the attached image.

It looks like, starting from 4.1.4, mp3 and mp4 can be added to file blocking profiles. I will test and update here, guys.

Hi,

It is still not working. Please try the link below. Will there be a permanent solution?

http://www.hirufm.lk/musicdownloads/audio-93

Thanks,

Asanka
