You want to:
1. Deny anyone downloading a file greater than a certain size.
2. Ensure proper functionality if the response header does not have a content-length header.
3. Use Visual Policy Manager (VPM) to control this.
To block download file size based on the "Content-Length" header, complete the following steps:
Steps:
1. Open the VPM.
2. Create or open a Web Access Layer.
3. Create the following rule:
Destination: Set > New > Response Header; select Header Name: Content-Length, and put Header Regex: $. Name it as No_Content_Length, then right-click and select NEGATE.
Action: ALLOW
Explanation of Rule1: ALLOW any sites that does not have a content-length header in its response header.
Destination: Set > New > Response Header; select Header Name: Content-Length, and put in the desired Regex from the list below (for example: 50MB). Name it, then right-click and select NEGATE.
Action: DENY
Explanation of Rule 2: DENY any file size that does not match Regex from the list (file size is larger than the regex number).
Currently, the only way that you can limit the size of HTTP objects returned is by creating policy that matches on the content-length header of the object returned. Objects that are not returned with a content-length will not match the following policy. Proxied FTP requests are not affected by this policy because they are not returned with a content-length header.