SRX Services Gateway

Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.

‎05-06-2020 11:13 PM

Hello,

I have created the below-mentioned configuration on vSRX (version 18.2R3.4) to block .exe and .zip files. It worked for FTP uploads and downloads, but for HTTP/HTTPS, content filtering worked only for downloads. Is this expected behaviour, or is there any other way to block .exe and .zip uploads?

set security utm feature-profile content-filtering profile File_all block-extension Block_Ext
set security utm feature-profile content-filtering profile File_all block-content-type exe
set security utm feature-profile content-filtering profile File_all block-content-type zip
set security utm feature-profile content-filtering profile File_all notification-options type protocol-only
set security utm feature-profile content-filtering profile File_all notification-options custom-message "File Blocked by SRX CF"


set security utm utm-policy UTM-AV-CF-WF content-filtering http-profile File_all
set security utm utm-policy UTM-AV-CF-WF content-filtering ftp upload-profile File_all
set security utm utm-policy UTM-AV-CF-WF content-filtering ftp download-profile File_all

set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy match source-address any
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy match destination-address any
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy match application any
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy then permit application-services ssl-proxy profile-name ssl-forward-proxy-profile
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy then permit application-services utm-policy UTM-AV-CF-WF
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy then log session-init
set security policies from-zone Trust to-zone Untrust policy UTM-CF-Policy then log session-close

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.

‎05-07-2020 02:24 AM

Hi Hari,

I hope you are doing well!

As conveyed to you on another post, it is expected that you are unable to block file uploads by using HTTP/HTTPS content filtering.

The KB below has more details about the issue you are facing:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26837&cat=FILTERING_D0E41470&actp=LIST&sho...

This is supposed to be a new feature and you might have to raise a feature request to get this added to your Junos.

I hope this helps 🙂

Please mark this "Accepted Solution" if this helps you resolve your query.

Kudos are much appreciated too 🙂

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.

‎05-07-2020 09:14 PM

Hello,

Yes, I have gone through the KB 🙂. Your response is much appreciated.

I tried creating the custom IPS signature below to match http-header-content-type for .exe, and it worked for me.

set security idp custom-attack Block-EXE severity major
set security idp custom-attack Block-EXE attack-type chain expression " m01 or m02 or m03"
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature pattern application/octet-stream
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature direction any
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature pattern application/x-msdownload
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature direction any
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature pattern application/vnd.microsoft.portable-executable
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature direction any

Thanks,

Hari. 
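
A simplified model of the Block-EXE chain from the post above, added here as an illustration (it is not code from the thread or from Juniper, and it is not the SRX IDP engine). It assumes a literal, case-insensitive match on the request-level Content-Type header, and all sample requests are constructed; it shows that the generic application/octet-stream member also fires on a non-executable upload, while a .zip sent as application/zip, the other file type in the original question, is not covered by any member.

```python
# Added example: a simplified model of the Block-EXE chain, not the SRX IDP engine.
# Patterns are copied from members m01-m03 of the custom attack posted above.
MEMBERS = {
    "m01": "application/octet-stream",
    "m02": "application/x-msdownload",
    "m03": "application/vnd.microsoft.portable-executable",
}


def content_type(raw_request: str) -> str:
    """Return the request-level Content-Type, lower-cased, parameters removed."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def matching_members(raw_request: str) -> list:
    """Members whose pattern occurs in the header (assumption: literal match)."""
    ctype = content_type(raw_request)
    return [name for name, pattern in MEMBERS.items() if pattern in ctype]


def chain_fires(raw_request: str) -> bool:
    """Expression "m01 or m02 or m03": one matching member is enough."""
    return bool(matching_members(raw_request))


def build_request(path: str, ctype: str) -> str:
    """Build a constructed HTTP POST; host and paths are made-up sample values."""
    return (f"POST {path} HTTP/1.1\r\nHost: files.example\r\n"
            f"Content-Type: {ctype}\r\nContent-Length: 4\r\n\r\nDATA")


# Constructed sample uploads (not captured traffic).
SAMPLES = {
    "exe as x-msdownload": build_request("/upload/setup.exe", "application/x-msdownload"),
    "pdf as octet-stream": build_request("/upload/report.pdf", "application/octet-stream"),
    "zip as application/zip": build_request("/upload/archive.zip", "application/zip"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        hits = matching_members(raw)
        print(f"{label:24} fires={chain_fires(raw)} members={hits}")
```
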

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.

‎05-07-2020 09:27 PM

Hi Hari,

That's great! Kudos to you 🙂 Might as well help me if I'm stuck on a similar issue 🙂 Thanks for sharing this!