Forum Discussion

leosilvapaiola_'s avatar
leosilvapaiola_
Icon for Nimbostratus rankNimbostratus
Apr 30, 2019

APM + SWG: File extension Policy ???

Hello community,   We have a situation with a customer and a partner, where they were deploying APM + SWG as a forward proxy for navigation control and walk into a problem.   The policies based...
APM
application delivery
LTM
security
swg
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 01, 2019

SWG

The disallowed file types is only applied to the file type in the URI

Except error on my part SWG does not allow to block specific files extension in a native way. but as you know the proxy solution is a whole (LTM APM and SWG). you can use an irule or an LTM Policies that I think is more suitable

Using Irule with DG:

when HTTP_PROXY_REQUEST {
set path [HTTP::path]
}
when HTTP_PROXY_RESPONSE {
    if { [HTTP::header value Content-Type] contains "png" and !([class match [string tolower $path] ends_with URI_EXTENSION]) } {
          do some other stuff 
    }
}

Sans DG:

when HTTP_PROXY_RESPONSE {

switch -glob $path {
    "*.js" -
    "*.png" - 
    "*.jpg" -
    "*.gif" {
          do some other stuff 
    }
    default {
          do some other stuff 
    }
}
}

You can also use ICAP. Icap will also allow you to do antivirus scanning, check file types and much deeper analysis. it's the best solution from me (as bluecoat AV)...

regards