Web Application Firewall & Reverse Proxy

  • 1.  Blocking File uploads for unlisted app

    Posted Jun 29, 2017 12:09 PM

    Hi, we are trying to block file uploads to an application not listed in the known applications.

    The application is Hightail. We can block file uploads to other sites that are known, but when we tried blocking Upload files/Attachments with Web Operation Control and site specifying the site URL, we were not successful.

    TIA

     



  • 2.  RE: Blocking File uploads for unlisted app

    Posted Jun 29, 2017 11:29 PM

    Hi,

     

    A Web Application and its respective operations are to be seen as part of a single entity. Just using a rule to block "Upload Attachment" will not have an effect globally. This will only affect the pre-defined web applications which support the "operation" of "Upload Attachment". This is the reason why the "HighTail" is not having any effect on file upload. For this to work, we may have to depend on the good old way of creating policy from scratch. Steps below:

     

    ** SSL Interception will be required for this

     

    1) Find the domain which is used when we click the upload button on the website. If this is different from the domain used for download/normal access, we can put a block there itself.

     

    and/or

     

    2) Method used for upload, i.e. POST combined with a request content-length header of size above 100Kb. This should be "AND"ed with the above domain used for upload, and Deny.

     

    This could take some trial and error, but it is worth it :)
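
The decision logic from the reply above, modelled in Python as an added example; it is not part of the thread and is not the proxy's own policy language. The upload domain `upload.example.test` is a placeholder and reading "100Kb" as 100 * 1024 bytes is an assumption. Replaying recorded requests through it shows which ones the rule would deny before it goes live.

```python
from dataclasses import dataclass, field

# Assumptions (not from the thread): placeholder domain, limit read as bytes.
UPLOAD_DOMAIN = "upload.example.test"
SIZE_LIMIT = 100 * 1024  # the post's "100Kb"

@dataclass
class Request:
    method: str
    host: str
    headers: dict = field(default_factory=dict)

def host_matches(host, domain):
    """True for the domain or any subdomain; port and trailing dot ignored."""
    host = host.lower().split(":")[0].rstrip(".")
    return host == domain or host.endswith("." + domain)

def content_length(headers):
    """Content-Length as an int, or None when absent or not a number."""
    for name, value in headers.items():
        if name.lower() == "content-length":
            try:
                return int(value.strip())
            except ValueError:
                return None
    return None

def evaluate(req, block_whole_domain=False):
    """Return (verdict, reason) for one decrypted request."""
    if not host_matches(req.host, UPLOAD_DOMAIN):
        return ("allow", "not the upload domain")
    if block_whole_domain:  # step 1: the domain is used for uploads only
        return ("deny", "upload-only domain")
    if req.method.upper() != "POST":
        return ("allow", "not a POST")
    size = content_length(req.headers)
    if size is None:  # log these while tuning: the size condition cannot match
        return ("allow", "no usable Content-Length")
    if size > SIZE_LIMIT:  # step 2: POST AND large body AND upload domain
        return ("deny", "large POST to upload domain")
    return ("allow", "small POST")

# Constructed sample requests, as seen by the proxy after SSL interception.
SAMPLES = [
    Request("POST", "upload.example.test", {"Content-Length": "5242880"}),
    Request("POST", "upload.example.test:443", {"content-length": "2048"}),
    Request("GET", "upload.example.test"),
    Request("POST", "www.example.test", {"Content-Length": "5242880"}),
]
for r in SAMPLES:
    print(r.method, r.host, *evaluate(r))
```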



  • 3.  RE: Blocking File uploads for unlisted app

    Posted Jun 30, 2017 03:10 PM

    Hi Aravind,

     

    Thank you for the suggestions, I will try both of them.

    For clarification, is SSL Interception required for both option 1 and 2?


    Cheers!

    Kevin



  • 4.  RE: Blocking File uploads for unlisted app

    Posted Jul 02, 2017 10:48 PM

    Hi Kevin,

     

    It will depend on whether the website is over https or http. Most of the file hosting sites are now over https, hence they need SSL interception.



  • 5.  RE: Blocking File uploads for unlisted app

    Posted Oct 04, 2017 01:07 AM

    Hi Kevin,

    If you believe Hightail should be added into the application list definition, I was previously advised the best method to request its addition is to file a support case. 

    The feature request process for Web Application definitions is a bit different, since most other feature requests have to be submitted through your Symantec Sales Engineer.