How to Write Policy to Control Dropbox: Access or Deny

book

Article ID: 166540

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Follow these instructions to deny the upload and download options of Dropbox.

 

Resolution

Please note that SSL Interception is required for https://www.dropbox.com, and the BlueCoat Web Content Filtering must be enabled.

  1. To deny upload, create a new rule in Web Access Layer, and add a new Combined Destination Object.
  2. In the Combined Destination Object, create a new Request URL Application, and choose DropBox.

Web Application Control

 

  1. Create a new Request URL Operation

Filter list

 

4. Create a Combined Destination Object.

Destination Object

 

  1. The next figure shows an overview of a Web Access Layer configured to deny upload to Dropbox. You must add a second rule set to deny request category for File Storage/Sharing, as the Dropbox web page was classifiled in this URL category.

VPM rule

 

6. Example policy trace result:

start transaction -------------------
  CPL Evaluation Trace: transaction ID=614895
           <Proxy>
    miss :     condition=CombinedDestination1
    MATCH:         DENY category="File Storage/Sharing" 
           <ssl>
    MATCH:         server.certificate.validate(no) 
           <Proxy>
    MATCH:         trace.request(yes) trace.rules(all) trace.destination(Dropbox) 
  connection: service.name=Explicit HTTP client.address=10.105.7.224 proxy.port=8080
  time: 2013-12-10 05:57:26 UTC
  OPTIONS https://dl-web.dropbox.com/chunked_upload?name=rdp73.plg&chunk=0&chunks=1&bjar=W3sic2Vzc19pZCI6IDM1MDkxNTAwNjE3OTk3MjU1MjYxNjg3ODA0NjM2NzQ1NTQ5NzQ2LCAiZXhwaXJlcyI6IDEzODY3NDAyMzQsICJyb2xlIjogInBlcnNvbmFsIiwgInVpZCI6IDE5MjgzNzE5N31d&blid=AADSFSxBe
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
  user: unauthenticated
  authentication status='not_attempted' authorization status='not_attempted'
  DENIED: Either 'deny' or 'exception' was matched in policy -> Policy denied upload to DropBox
    url.category: File Storage/[email protected] Coat
    server.certficate.hostname.category: File Storage/[email protected] Coat
  application.name: Dropbox
  application.operation: Upload Files  -> DropBox Upload Option
  DSCP client outbound: 65
  DSCP server outbound: 65

stop transaction --------------------



 

Attachments