
Blocking upload is not working

Hi all,

I am having an issue in testing the "no web upload" pre-configured policy in web protection in XG, it is just not working. I am aware that it is not working with gmail and hotmail

but I have tested it with other sites (http and https) and still the users can upload any file. Here are the rules, nothing fancy, just a simple rule for that. Please note that I don't have any other rule in the fw

Am I missing something?



  • Hi,

    Where does your firewall rule sit in the firewall list, at the top?

    Also are they using a web browser with an add-on or a separate web page? If they are using a web browser add-on such as one of the ftp add-ons for firefox then you will need an application policy as well.

    Ian

  • thanks dear, this is the only rule in the firewall,

    no add-on, just normal uploading

  • I don't want to block dropbox, I want to block uploading files to internet

    I just give it as an example of how the "no upload" policy/category is not working

    Again my problem is I want to prevent upload :( it is not working neither by using the web policy or by applying traffic shaping

    I have one rule only on the testing firewall, I know the traffic shaping is applied rule by rule, and I noticed that it is B not b and I shared an example of how it is not working

  • can anyone help please, I've tried everything and it is not working

  • OK, So I created another traffic shaping rule (I gave up on web policy), this time I changed the Bandwidth usage type to "shared", the upload got very slow (actually everything went slow even google.com), but still users can upload whatever size they wanted

    As a side question, what is the difference between shared and Individual on "Rule" based Traffic shaping rule? Does Individual mean that the limit is going to be applied per service or per IP or per connection? Also shared what? The whole traffic through the rule will be considered or what?

    I added dropbox as an example of how to block uploads.

    Do you want to block uploads or do you want to size limit them?

    You can't stop uploads because the users need to upload information to access urls, so what exactly are you trying to achieve?

    Do you want to block file types, file sizes. There is a tab which allows user defined allowances.

    QOS applies to rules unless you have set QOS to a user or a device.

    You do not appear to have any coherent policies, maybe you need to call in a Sophos partner/reseller with expertise in configuring an XG.

    Ian

  • Have you modified the httpupload rule to block http and https, but that doesn't stop ftp or proprietary applications that use their own ports. Also doesn't stop the use of VPNs to bypass your restrictions.

    Looked at your original rule again and you have http and https in services, you will need your block rule at the top of your rule list without http and https as services.

    Ian

    I will have a play with web settings when I get exclusive use of my XG.

  • Hi,

    I was wrong, nohttpupload works with http and https enabled in the service field, no application filter applied "none".

    I tried to upload to one site only and failed as blocked by the XG administrator.

     

    Ian

  • Dear rfcat_vk,

    Thanks for your replies, but I think you keep missing my point so let me explain again what I want (I am certified XG btw)

    I want to block users from uploading files to the internet whether they tried to attach files using webmail, or uploaded files using (dropbox, googledrive, sendlargefile sites..etc) or any sites that allows such thing.

    I don't want to block these sites: meaning they need to check their email for example (again I am talking about sites not applications), they also can download files from personal storage sites (dropbox, mega...etc) (again talking about sites not installed applications on computers because I can stop those easily using GPO or Sophos).

    So I checked Sophos XG KB and they said blocking "httpupload" dynamic category will do this, I tried on my test Sophos but it didn't work, so I tried using the traffic shaping to limit the upload to the minimum and it also didn't work. What I posted is examples of what I tried (on my test Sophos so there is no one using vpn or anything ...etc).

    If it is possible to block certain file types from uploading to the internet that would be great, but Sophos only allows blocking downloading certain file types.

    I know that DLP solutions are the best way to do this, but they are expensive and I don't want all the features they provide.

    I know what I am doing, I've been working on Sophos XG/UTM since it was Astaro before Sophos acquisition.

    Also it seems that you are assuming that what I posted are all applied simultaneously, noooo I am testing each one of them alone to see why isn't this working

    Again please read carefully what I posted.

    thanks

  • So after more tests, I discovered that blocking "httpupload" works on very few sites, for example attaching yahoo mail will be blocked but uploading file using any sites like dropbox, mega, sendlargefile...etc all cannot be blocked.

    So I guess the best way is to implement dlp solution.

    I am still confused by the traffic shaping "by rule" thing as I didn't understand how it is applied when using individual option not shared, is it by connection, IP, source...etc

  • Hi,

    Background - UTM since v4, XG since v15. No access to AD functions. Clientless users only.

    You cannot apply UTM thinking to XG the logic is different. The httpuploadblock does work, but I suspect you need to have application and web checking enabled. Web at least set to allow and application set to block upload with http and https scanning enabled. I have tested the function and found it blocked uploads to my photo website. So what your testing would imply is that the sites do not use http as part of the upload or the categorisation is wrong.

    I will try to explain part of the QOS on XG that I understand.

    The current version 17.1.2 does not allow QOS (bandwidth) on links/interfaces only QOS priority.

    You can apply QOS (bandwidth) to

    1/. an IP address

    2/. an Application

    3/. A user both clientless and 'real'

    4/. a rule

    You need to manually keep track of how much QOS you have applied so that you do not exceed your link capacity.

    In cases 1, 2 and 3 the QOS settings will be applied in every rule those items are configured in.

    If you would like I can provide screen shots of the QOS settings from my XG. Whether they work or not I have not tried.

    Ian

     

    Forgot IPv4 and IPv6 are two different firewalls on the XG

  • Dear Ian

    thanks again, I am not sure why you still think I am kinda newbie here but anyway I am not applying UTM thinking to anything -_-,

    I have applied application and category rules and as I said the httpupload blocking works on very few sites.

    You could try this: block the httpupload category and apply whatever settings you think correct, then open dropbox.com or mega.nz, wetransfer.com, transfer.pcloud.com for example and try to upload files and let me know the result.

  • Hi,

    I tried using the web filtering, but something has gone wrong in the XG dropdown list, the httpupload is not in the list anymore. I have restarted the XG, but the category does not appear.

    I think I might have found part of the reason why the block does not work, in Application control there are a number of http* applications with allow as the default and httpupload is one of them. I added the application to my list and changed the allow to deny and blocked my upload test. I tried with dropbox but failed to get past the association, (I had to create a new account) because I have block system files enabled.

    I hope that gives you additional areas to look at.

    Further testing shows the drag and drop feature of dropbox uses https not http. But the block http upload does work.

     

    Ian