Forum Discussion

leosilvapaiola_'s avatar
leosilvapaiola_
Icon for Nimbostratus rankNimbostratus
Apr 30, 2019

APM + SWG: File extension Policy ???

Hello community,

 

We have a situation with a customer and a partner, where they were deploying APM + SWG as a forward proxy for navigation control and walk into a problem.

 

The policies based in URL categories are working just fine, but then the customer asked for a policy based in file extensions.

 

They asked for: "Any file extension including the following must be blocked: .exe, .JS, .JAR, .VBS .VB, .SFX, .BAT and .DLL Files."

 

To our surprise, we haven't find anything related to this type of approach.

 

ASM can be configured to block file extensions uploaded to a server, but regarding APM or SWG there's nothing around in the documentation.

 

Please, I need to confirm if this functionality is not a achievable with APM+SWG or in the contrary is available but in another module, like ASM.

 

Thanks beforehand, and in the case the answer is "iRule" I'm afraid will not be enough.

 

1 Reply

  • SWG

    The disallowed file types is only applied to the file type in the URI

    Except error on my part SWG does not allow to block specific files extension in a native way. but as you know the proxy solution is a whole (LTM APM and SWG). you can use an irule or an LTM Policies that I think is more suitable

    Using Irule with DG:

    when HTTP_PROXY_REQUEST {
    set path [HTTP::path]
    }
    when HTTP_PROXY_RESPONSE {
        if { [HTTP::header value Content-Type] contains "png" and !([class match [string tolower $path] ends_with URI_EXTENSION]) } {
              do some other stuff 
        }
    }
    

    Sans DG:

    when HTTP_PROXY_RESPONSE {
    
    switch -glob $path {
        "*.js" -
        "*.png" - 
        "*.jpg" -
        "*.gif" {
              do some other stuff 
        }
        default {
              do some other stuff 
        }
    }
    }
    

    You can also use ICAP. Icap will also allow you to do antivirus scanning, check file types and much deeper analysis. it's the best solution from me (as bluecoat AV)...

    regards