How can I block file extensions for HTTPS?

All-

 

While I currently use the web proxy to block a number of file extensions such as exe, the web proxy only blocks downloading file extensions using HTTP. How can I block file extension downloads on HTTPS sites? I'm using UTM 9.5 currently.

 

Thanks,

Jim



  • Hey, Jim - Transparent or Standard?  'Decrypt and scan' HTTPS or just 'URL filtering only'?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Currently transparent using decrypt and scan HTTPS.

     

    Thanks,

    Jim

  • Bob,

     

    I realized that I selected Decrypt and scan the following so categories could be blocked as opposed to just decrypt and scan. Is this setting the likely cause of no HTTPS extension blocking?

     

    Thanks,

    Jim

  • Hi Bob, hi Jim,

     

    I have the same problem, we use Sophos UTM9 release 9.408-4. In 'Web Protection' -> 'Webfilter' in the third tab 'Policies' we have a profile defined. When you edit the filteractions in the third tab 'Downloads' there is a part 'Blocked extensions' where .exe and some other extensions are defined.

    This works well on http sites but definitely not on https sites.

     

    Is it a setting in 'Web Protection' -> 'Webfilter' on the tab 'HTTPS' that I have missed to configure?

     

    thanks

    Eva 

  • Could be, Jim - what happens if you add the category of the .exe URL that was allowed?  What happens if you don't limit to categories?

    Hi, Eva, and welcome to the UTM Community!  Please post a picture of the HTTPS tab.

    Cheers - Bob

     
  • Hi Bob,

    It blocked the site, see below. However, why does it say the file extension is blocked? The site I used is https://download.piriform.com/ccsetup535.exe and classified as hardware/software. The message does not correspond to the actual activity. Possibly something is incorrectly configured? Please see screen captures below. Once I removed the category I now have the same problem. Thanks, Jim

     

    Content blocked

    While trying to retrieve the URL:
    The content is blocked due to the following condition:
    The URL you have requested matches a forbidden file extension. If you think this is wrong, please contact your administrator.
    Your cache administrator is:
     

     

     
  • Hi Bob,

     

    Thanks for welcoming me.

    I hope it is not a problem that the language is set to German in Sophos UTM ;-)

    cheers Eva

  • Eva, you have 'URL-filtering only', and I think the URL Filter won't block that.  I think it's the Antivirus engine that decrypts and scans files and blocks .exe files.  I think that to block .exe files without decrypt and scan, you must block URLs with \.exe$ in them.  I don't know this for a fact...

    What happens if you enable decrypt and scan?

    What happens if, instead, you block using a REGEX \.exe$

    Cheers - Bob
    PS Actually, I enjoy taking part in the German forum.  Mostly I can no longer express myself effortlessly in German, but I can still understand it.

     
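Added example, not part of the original thread and not Sophos code: the `\.exe$` expression suggested above, checked against constructed URLs to show which download links an end-anchored pattern matches and which it misses. It assumes the filter applies the expression to the full URL string, which the thread does not confirm for UTM; `PATH_PATTERN` and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as suggested in the thread.
THREAD_PATTERN = re.compile(r"\.exe$")

# Hypothetical stricter variant (assumption, not from the thread):
# case-insensitive and applied to the URL path only, so a query string
# after the file name does not hide the extension.
PATH_PATTERN = re.compile(r"\.exe$", re.IGNORECASE)

# Constructed sample URLs; only the first one appears in the thread.
SAMPLE_URLS = [
    "https://download.piriform.com/ccsetup535.exe",
    "https://downloads.example.test/tool.EXE",
    "https://downloads.example.test/tool.exe?token=abc",
    "https://downloads.example.test/exercise.html",
]


def matches_full_url(url):
    """True if the thread's pattern matches the whole URL string."""
    return THREAD_PATTERN.search(url) is not None


def matches_path(url):
    """True if the stricter variant matches the URL path component."""
    return PATH_PATTERN.search(urlsplit(url).path) is not None


def coverage_report(urls):
    """Return (url, full_url_match, path_match) for each URL."""
    return [(u, matches_full_url(u), matches_path(u)) for u in urls]


def gaps(urls):
    """URLs the path-based check flags but the thread's pattern misses."""
    return [u for u, full, path in coverage_report(urls) if path and not full]


if __name__ == "__main__":
    for url, full, path in coverage_report(SAMPLE_URLS):
        print(f"{url:52} full-url={full!s:5} path-only={path}")
    print("missed by the end-anchored full-URL pattern:", gaps(SAMPLE_URLS))
```

Running a candidate expression over a list like this before adding it to a blacklist shows whether it also needs a case-insensitive form or a variant that tolerates a trailing query string.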
  • So, are you saying that it's now working as you expected, Jim?

    Cheers - Bob

     
  • Hi Bob,

     

    I don't think it is working as expected. However, I did not have antivirus enabled. Although I did enable it in addition to scanning PUAs, the UTM still does not block file extensions on uncategorized HTTPS web sites. Does antivirus need to be enabled for extension blocking to work? For some reason I expected it to work the same as HTTP downloading. Somehow I suspect this is a configuration error....

     

    Thanks,

    Jim

     

     

     

  • "Uncategorized" is a trick, Jim.  One is a category and the other is the lack of categorization.

    Cheers - Bob

     
  • Bob,

     

    Thank you for your help! To be clear then I should configure as a white/black list condition? This explains why I was able to block ccleaner.exe the other night.

     

    Thanks,

    Jim
