You want to:

1. Deny anyone downloading a file greater than a certain size.

2. Ensure proper functionality if the response header does not have a content-length header.

3. Use Visual Policy Manager (VPM) to control this.

To block download file size based on the "Content-Length" header, complete the following steps:

Steps:

1. Open the VPM.

2. Create or open a Web Access Layer.

3. Create the following rule:

Rule1:

Destination: Set > New > Response Header; select Header Name: Content-Length, and put Header Regex: $. Name it as No_Content_Length, then right-click and select NEGATE.

Action: ALLOW

Explanation of Rule1: ALLOW any sites that does not have a content-length header in its response header.

Rule2: (For explanation in picture, please go to 000011341)

Destination: Set > New > Response Header; select Header Name: Content-Length, and put in the desired Regex from the list below (for example: 50MB). Name it, then right-click and select NEGATE.

Action: DENY

Explanation of Rule 2: DENY any file size that does not match Regex from the list (file size is larger than the regex number).

Examples of Regular Expression (Regex) syntax:

Currently, the only way that you can limit the size of HTTP objects returned is by creating policy that matches on the content-length header of the object returned. Objects that are not returned with a content-length will not match the following policy. Proxied FTP requests are not affected by this policy because they are not returned with a content-length header.