Preventing the .COM file extension from being downloaded prevents certain web pages from loading

book

Article ID: 168152

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You want to prevent users from downloading/accessing certain program file types (.EXE, .COM, .VBS) so you create a policy to exclude these file types. However, this can prevent web page URLs that end with '.com' from loading, e.g. http://www.website.com/script.do;jsessionid=4CE567144935B0F0.www.website.com.

Resolution

When checking for a particular file extension the ProxySG will look for URLs that end with ‘.com’ . It will then assume that this is an executable file and block it. To ensure that the proxy will not block a valid web page you need to check if the returned object has a MIME type of ‘text/html’ – if so, then you know that it is a web page and can therefore allow it.

To do this:

1. In the VPM Web Access Layer, create a rule that checks the file extension. This rule will ALLOW this traffic.

User-added image

2. Create a ‘Combined Destination’ Object called ‘DotCom_but_web_page’.

User-added image

3. Within the combined object, create and add a ‘Request URL’ object called ‘Ends_with_.com’ that checks if the URL ends with ‘.com’.

User-added image

4. Within the combined object, create and add a ‘HTTP MIME Type’ object called ‘HTTPMIMEType-text-html’ that checks if the MIME type is ‘text/html’.

User-added image

5. Select the action to DENY this rule. Apply the policy and test.

Now, if you navigate to a URL that ends with ‘.com’ the proxy will check to see if it is an actual web page. If it is, it will be allowed. If it is not, it will be blocked by any subsequent file extension checking rule.