Block File Upload and Allow Specific Apparent Data Type on Edge SWG

Article ID: 265247


Products

ProxySG Software - SGOS, ASG-S200, ASG-S400, ASG-S500, ISG Proxy

Issue/Introduction

An administrator needs to prevent users from uploading files over HTTP or HTTPS, but must still allow specific file types (for example, JPEG images) to be uploaded to meet business requirements.


Environment

Edge SWG

Resolution

SSL Interception is required: file headers and POST bodies are encrypted inside an HTTPS session, so the Edge SWG cannot determine the Apparent Data Type of an HTTPS upload unless an SSL Interception policy is active for that traffic. Make sure your SSL Interception layer is configured correctly before proceeding.

To achieve this, create two rules in a Web Access Layer of the Visual Policy Manager (VPM). Rules within a layer are evaluated from top to bottom and the first match wins, so the Allow exception must be placed above the Block rule.

1. Create a new Web Access Layer.

2. Set the Source to Any.

3. Set the Destination to Any.

4. In the Service column, select New > Protocol Method.

5. Name the object, select the protocol HTTP/HTTPS, and check the POST connection method. If uploads sent with other methods (for example PUT) must also be controlled, check those methods as well.

6. In the Action column, create a new action that allows the transaction when the Apparent Data Type is JPEG.

7. Rule 1 therefore allows uploads of the specific Apparent Data Type; JPEG is used here as an example.

8. Rule 2, placed directly below Rule 1 with the same Source, Destination and POST service, has the action Deny, so POST transactions of every other apparent data type are denied.

With this configuration, JPEG uploads are permitted while uploads of all other data types are blocked.

Additional Information

SSL Interception: to inspect and block uploads based on Apparent Data Type within encrypted sessions, SSL Interception must be enabled. Ensure that your policy includes an SSL Interception layer configured to intercept the relevant HTTPS traffic, as shown in the example below:

Source Alignment: if you define a specific Source (such as a Host, User, or Group) in your upload-blocking rules, make sure the same source is also matched by your SSL Interception Layer. If the HTTPS traffic for that source is not intercepted, the proxy only sees the CONNECT tunnel and cannot inspect the request method or the data type, so the upload rules never match.

General Web Access: ensure your policy includes a rule that allows general internet traffic for your users. Blocking uploads restricts only that specific action; a standard Allow rule is still required for overall connectivity.

In the example below, Rule 2 in the Web Access Layer ensures that all traffic not matching a specific restriction is permitted. Keep this catch-all Allow below the upload rules in the same layer, or in a layer that is evaluated before the upload-blocking layer: because a later layer's decision overrides an earlier layer's, a catch-all Allow placed in a later layer would override the Deny.
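The Python below is an added model of the decision logic described in this article; it is not SGOS code or VPM-generated policy. It evaluates the Allow-JPEG / Deny-POST / Allow-everything rules in order (first match wins), classifies the uploaded file by its leading bytes rather than by filename or Content-Type, and treats HTTPS from a source that the SSL Interception layer does not cover as an opaque tunnel that the upload rules cannot match. The magic-byte table, the multipart parsing, the source names ("sales", "guest") and the sample payloads are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed magic-byte table for the apparent-data-type check. The real proxy
# uses its own detection engine; this subset is enough to show the principle.
SIGNATURES = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
)


@dataclass
class Request:
    """One client request as the proxy sees it (fields are assumptions of this model)."""
    source: str               # user or group, as matched by the Source column
    scheme: str               # "http" or "https"
    method: str               # "GET", "POST", ...
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def apparent_data_type(data: bytes) -> str:
    """Classify content by its leading bytes; filename and Content-Type are ignored."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def uploaded_file(req: Request) -> Optional[bytes]:
    """Return the bytes of the first file part of a multipart/form-data body, or None."""
    m = re.search(r'boundary="?([^";]+)"?', req.headers.get("Content-Type", ""))
    if not m:
        return None
    delim = b"--" + m.group(1).encode()
    for part in req.body.split(delim)[1:]:
        if part.startswith(b"--"):          # closing delimiter reached
            break
        head, sep, content = part.partition(b"\r\n\r\n")
        if sep and b"filename=" in head:
            # each part is followed by CRLF before the next delimiter; drop it
            return content[:-2] if content.endswith(b"\r\n") else content
    return None


def evaluate(req: Request, intercepted: FrozenSet[str] = frozenset({"any"})) -> Tuple[str, int]:
    """Apply the article's rules top to bottom; the first match wins, as in a VPM layer.

    `intercepted` models the Source selection of the SSL Interception layer
    ("any" = intercept everyone). Returns (decision, rule number); rule 3 is
    the general Allow that keeps ordinary browsing working.
    """
    # Without interception the proxy sees only the CONNECT tunnel: no method,
    # no headers, no body. Neither upload rule can match, so the upload passes.
    if req.scheme == "https" and not ({"any", req.source} & intercepted):
        return ("ALLOW", 3)
    if req.method == "POST":
        data = uploaded_file(req)
        if data is not None and apparent_data_type(data) == "jpeg":
            return ("ALLOW", 1)             # rule 1: POST, apparent data type JPEG
        return ("DENY", 2)                  # rule 2: every other POST
    return ("ALLOW", 3)                     # rule 3: general web access


def multipart_post(source: str, scheme: str, filename: str, declared: str,
                   data: bytes, boundary: str = "example-boundary") -> Request:
    """Build a constructed multipart upload the way a browser would send it."""
    body = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        f"Content-Type: {declared}\r\n\r\n"
    ).encode() + data + f"\r\n--{boundary}--\r\n".encode()
    return Request(source, scheme, "POST",
                   {"Content-Type": f"multipart/form-data; boundary={boundary}"}, body)


# Constructed sample payloads: only the leading bytes matter to the classifier.
JPEG = b"\xff\xd8\xff\xe0" + b"JFIF\x00" + b"\x00" * 16
EXE = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    intercepted = frozenset({"sales"})     # SSL Interception layer source = group "sales"
    cases = {
        "genuine JPEG, intercepted HTTPS": multipart_post("sales", "https", "photo.jpg", "image/jpeg", JPEG),
        "EXE renamed .jpg, image/jpeg header": multipart_post("sales", "https", "photo.jpg", "image/jpeg", EXE),
        "JPEG with misleading name over HTTP": multipart_post("sales", "http", "blob.bin", "application/octet-stream", JPEG),
        "EXE from a source not intercepted": multipart_post("guest", "https", "photo.jpg", "image/jpeg", EXE),
        "ordinary GET": Request("sales", "https", "GET"),
    }
    for label, req in cases.items():
        print(f"{label:40} -> {evaluate(req, intercepted)}")
```

Two points the run makes visible: an executable renamed to photo.jpg and sent with Content-Type image/jpeg is still denied, because the apparent data type comes from the bytes, and the same upload from the "guest" source passes untouched because that source is not in the interception set, which is the Source Alignment caveat above. Note also that Rule 2 as described (service POST, action Deny) denies every POST, including form submissions that carry no file; narrow it if ordinary form posts must keep working.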