Preventing the .COM file extension from being downloaded prevents certain web pages from loading
Issue/Introduction:
You want to prevent users from downloading/accessing certain program file types (.EXE, .COM, .VBS) so you create a policy to exclude these file types. However, this can prevent web page URLs that end with '.com' from loading, e.g. http://www.website.com/script.do;jsessionid=4CE567144935B0F0.www.website.com.
Resolution:
When checking for a particular file extension the ProxySG will look for URLs that end with ‘.com’ . It will then assume that this is an executable file and block it. To ensure that the proxy will not block a valid web page you need to check if the returned object has a MIME type of ‘text/html’ – if so, then you know that it is a web page and can therefore allow it.
To do this:
1. In the VPM Web Access Layer, create a rule that checks the file extension. This rule will ALLOW this traffic.
2. Create a ‘Combined Destination’ Object called ‘DotCom_but_web_page’.
3. Within the combined object, create and add a ‘Request URL’ object called ‘Ends_with_.com’ that checks if the URL ends with ‘.com’.
4. Within the combined object, create and add a ‘HTTP MIME Type’ object called ‘HTTPMIMEType-text-html’ that checks if the MIME type is ‘text/html’.
1. In the VPM Web Access Layer, create a rule that checks the file extension. This rule will ALLOW this traffic.
2. Create a ‘Combined Destination’ Object called ‘DotCom_but_web_page’.
3. Within the combined object, create and add a ‘Request URL’ object called ‘Ends_with_.com’ that checks if the URL ends with ‘.com’.
4. Within the combined object, create and add a ‘HTTP MIME Type’ object called ‘HTTPMIMEType-text-html’ that checks if the MIME type is ‘text/html’.
5. Select the action to DENY this rule. Apply the policy and test.
Now, if you navigate to a URL that ends with ‘.com’ the proxy will check to see if it is an actual web page. If it is, it will be allowed. If it is not, it will be blocked by any subsequent file extension checking rule.