When creating ACLS/rules to block downloading files according extensions, some files can be easily downloaded trough web sites that sends the content trough scripts.
The standard file blocking matches the file name in the URI but php, asp, perl scripts can sends files without specify file names in the URL.
- http://www.download.com/files.exe will correctly matches and block *.exe in normal mode.
- http://www.donload.com/download.php?fileid=4664641 will not matches the *.exe blocking rule.
To avoid this issue, a new proxy object “Web server reply filename” has been added in Complete ACLs with Artiva v2.37.022314 or above.
- To use this object, you must use an ACL rule with “Deny Reply Access” option enabled.
- When adding an object in the ACL rule use the “Web server filename reply” object.
When adding item, think that the rule matches the whole file name using regular expressions.
it matches the pattern inside the whole header Content-Disposition: Attachment; filename=[something]
will matches all *.vbe, *.vbs files.
will matches all *.vb(a or b or c or e or s) files.
In other way you can create pattern that specifies the file name instead the extension:
Will matches 01453.exe or 1-2-3-4.exe or 01234-56789-101112.exe