Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
hw
Explorer

Allow File Download from certain URLs

Hello,

we have R80.20 and normally we don't allow to download filetypes like "exe", "zip" etc.. Therefore we created a Threat Prevention policy with the action "prevent (defined in a profile)". Now we want do define some URls (as exceptions) where a file download is accpeted and allowed.

Does anybody know, how I can do this?

Thanks for any infos.

0 Kudos
6 Replies
Omer_Shliva
Employee
Employee

Hi,

Please share an example.

0 Kudos
hw
Explorer

Hi,

for example I want to download the file "KeePass" (and later also files from other URLs) from the URL https://www.heise.de/download/product/keepass-15712

Therefore I need an exception for the domain "*.heise.de", because normaly we deny to download filetypes as exe, zip.... 

I already tried to define an exception rule under the threat prevention rule (which blocks to download certain filetypes), however this doesn't work.

How can I implement this? 

Thanks.

0 Kudos
Omer_Shliva
Employee
Employee

Hi,

 

You can create a custom application in order to allow those certain URLs. Please refer to  sk103051 for download and guide.

Then, you can create an application for “.heise.de/download” with HTTP scenario:

1.jpg

After that, import the application into Smart Console and use it in a rule in the access policy on “allow”:

2.jpg

0 Kudos
PhoneBoy
Admin
Admin

That only helps from an Access Control perspective.
Since he's blacklisting exes in general in Threat Prevention, he probably needs to create specific indicators that are set to "Detect" or "Inactive".
This means creating an indicator file that contains the necessary domains you want to allow and importing it.
See: https://sc1.checkpoint.com/documents/R80.20/SmartConsole_OLH/EN/-_ktjOvSNsVDDJA210OA3g2.htm
0 Kudos
hw
Explorer

Thanks for your answers. I will try it. 

As I described I also tried an exception under the Threat prevention. It seems that it works only with a Regex expression for the domain heise.de and not with a wildcard definition.

So the Regex: .*\.heise\.de.* allows the download from the domain heise.de however the wildcard *.heise.de or *.heise.de* doesn't work. Is the syntax for the wildcard false? I don't understand why it doesn't work with a wildcard.

 

 

0 Kudos
hw
Explorer

Thank you for the infos. I will try it.

As I described in my last post, I tried to accept the download with an exception rule under the threat prevention rule (rule which blocks all exe downloads). Now it seems, that the rule works, but only if I write the URL as a Regex expression and not as a wildcard.

So the regex works: .*\.heise\.de.* but not the wildcard *.heise.de or *.heise.de*. Is the syntax of the wildcard false? Is this also a correct way if i define a Threat prevention exception?

Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events