Block files download using Sophos Firewall Client?

Hello pmendoza,

as long as the "download" is done with HTTP(S)  on the usual ports (80,443) - no. What really discerns a "download" from "browsing" is how the browser handles the file, thus as far as the HTT protocol is concerned you can't "detect" a download. Furthermore, SCF inspects only OSI layers 3 and 4 (and even there does not cover the complete suites) - it does not act on the higher layers (usually summarized as application). Gateway firewalls usually do look into the application streams - and while it's thinkable do disallow certain MIME types (e.g. application/octet-stream) this wouldn't be a general solution (you can't block e.g. image downloads without breaking most of the web pages).

Christian

Hello pmendoza,

as long as the "download" is done with HTTP(S)  on the usual ports (80,443) - no. What really discerns a "download" from "browsing" is how the browser handles the file, thus as far as the HTT protocol is concerned you can't "detect" a download. Furthermore, SCF inspects only OSI layers 3 and 4 (and even there does not cover the complete suites) - it does not act on the higher layers (usually summarized as application). Gateway firewalls usually do look into the application streams - and while it's thinkable do disallow certain MIME types (e.g. application/octet-stream) this wouldn't be a general solution (you can't block e.g. image downloads without breaking most of the web pages).

Christian