search cancel

Upload to Dropbox file storage portal fails despite upload permission granted to users

book

Article ID: 213663

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

A policy was created to allow users upload and download files to dropbox.com domain.

Downloading of files works fine but uploads fail. The files do not get uploaded and no error message are visible.

WSS Proxy logs confirm that the transactions vedirct is "deny" at the tcp level (not ssl or https).

SSL inspection is enabled yet it the request are blocked before they can be handled by the https proxy.

Cause

SSL interception is disabled for dropbox.com by default, even if WSS SSL interception flag is enabled.

The WSS proxy has no way of determining upload operation or endpoint without SSL interception and thus the requests are blocked.

Environment

Dropbox Application and domains added to Content Filtering Policy destination.

Upload Files and Attachments added to Content Filtering Policy 'Contents and Limits' section

The policy was moved to "Group A" so it is applied as the requests are ingressing WSS.

Resolution

Make sure SSL inspection is enabled for dropbox.com domain. 

  • With UPE / Management Center, we can do this by adding the following CPL
<SSL-Intercept>
url.domain=//dropbox.com/ policy.intercept
  • With WSS Portal tenants, you will need to contact Broadcom support to add CPL for the specific tenant.