Control file downloads based on the Content-Length header via policy using the Edge SWG (ProxySG) Virtual Policy Manager (VPM) or Content Policy Language (CPL).

To control file size downloads via CPL

Use the response.header.content-length.as_number condition.

For example, to deny file downloads of files greater than 10 MB use the following CPL:

<Proxy>
  response.header.content-length.as_number=10485760.. DENY

The ".." is a range indicator.

For more information, see the technical documentation for response.header.content-length.as_number=

To control file size downloads via VPM

1. Launch the Web VPM from the Edge SWG (ProxySG) appliance Management Console Configuration > Policy > Visual Policy Manager or via the link in the upper right hand corner.
2. Create or edit a Web Access Layer.
3. In the layer, create a rule with the following properties:
   Source: Any, or user or group.
   Destination: New > Response Header >Content-Length. Enter a regular expression (regex) for a content-length; see the Examples section following these steps.
   Action:  Allow or Deny.

Since the VPM uses regex to make a comparison, it will use more CPU to evaluate the policy. To approximate 10 MB using regex, you would use regex to allow all 7 digit values from 0 - 9,999,999 which would be:

^[0-9]{1,7}$

It's a little more tricky for expressing 30 MB in regex. Essentially, you would allow all values like in the 10 MB case, but including all values with a leading 1 followed by any 7 digits and a leading 2 followed by any 7 digits:

^[0-9]{1,7}$|^[1-2][0-9]{7}$

The left side of the "|" accounts for up to 10 MB and the right side of the "|" accounts for the values with a leading 1 followed by any 7 digits and a leading 2 followed by any 7 digits.

For convenience, here is a table of regex expressions for common values: