You may look at IDP's custom attack definition to create an attack vector like HTTP/HTTPS file download.
Take a look at the following link:
Hope this helps.
There are a couple of ways to configure the SRX to do the necessary blocking of file uploads.
NOTE: For HTTPS you will need to use SSL proxy to offload the traffic to analyze the traffic for any files being uploaded and block them.
Here are your options.
2. Use IDP to create a custom attack signature to identify and block specific file type downloads. User "TheDisciple" provided the link to create custom signatures.
Here is an example of a custom IDP signature to block exe files.
set security idp custom-attack BLOCK-EXE recommended-action ignore
set security idp custom-attack BLOCK-EXE severity major
set security idp custom-attack BLOCK-EXE time-binding count 1
set security idp custom-attack BLOCK-EXE attack-type signature protocol-binding application HTTP
set security idp custom-attack BLOCK-EXE attack-type signature context http-url-parsed
set security idp custom-attack BLOCK-EXE attack-type signature pattern ".*\.\[exe\]"
set security idp custom-attack BLOCK-EXE attack-type signature direction client-to-server
In the above signature, change the direction to check for files being downloaded or uploaded for taking necessary action.
NOTE: Reiterating again, SSL proxy is required to offload HTTPS traffic to analyze and block files, either uploads or downloads. Also, the above is just a signature; you will need to ensure this signature is included in an IDP rule and in turn called on a firewall policy for this to be effective.
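The wiring described in the note above, as an added example that is not part of the original posts: the BLOCK-EXE signature is referenced from an IDP rule, the IDP policy is activated, and firewall policies hand HTTP and HTTPS traffic to IDP, with SSL proxy on the HTTPS rule. The names EXAMPLE-IDP, BLOCK-EXE-RULE, ALLOW-HTTP, ALLOW-HTTPS, EXAMPLE-SSL and EXAMPLE-CA and the trust/untrust zones are assumptions; adapt them to the device.

```junos
# Added example, not from the original thread. All names except BLOCK-EXE are hypothetical.

# 1. IDP rule that matches the custom attack and drops the connection.
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match from-zone any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match to-zone any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match source-address any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match destination-address any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match application default
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE match attacks custom-attacks BLOCK-EXE
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE then action drop-connection
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule BLOCK-EXE-RULE then notification log-attacks

# 2. Activate the IDP policy.
#    (Newer Junos releases can instead name the IDP policy per firewall rule
#    with "application-services idp-policy EXAMPLE-IDP".)
set security idp active-policy EXAMPLE-IDP

# 3. Firewall policy for plain HTTP: permit, but send the session through IDP.
set security policies from-zone trust to-zone untrust policy ALLOW-HTTP match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTP match destination-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTP match application junos-http
set security policies from-zone trust to-zone untrust policy ALLOW-HTTP then permit application-services idp

# 4. SSL proxy profile so HTTPS can be decrypted and inspected.
#    EXAMPLE-CA is assumed to be a CA certificate already loaded on the SRX
#    and trusted by the clients.
set services ssl proxy profile EXAMPLE-SSL root-ca EXAMPLE-CA

# 5. Firewall policy for HTTPS: SSL proxy plus IDP on the same rule.
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match destination-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match application junos-https
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS then permit application-services ssl-proxy profile-name EXAMPLE-SSL
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS then permit application-services idp
```

After committing, check that hits on the rule show up in the IDP attack logs before relying on it; without step 5 the HTTPS sessions pass uninspected.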