Hi Chenjiang,
There is a couple of ways to configure the SRX to do the necessary blocking file uploads.
NOTE: For HTTPS you will need to use SSL proxy to offload the traffic to analyze the traffic for any files being uploaded and block them.
Here are your options.
- Content Security - There is no license requirement for using this feature on SRX and you can block the files being downloaded or uploaded.
https://www.juniper.net/documentation/us/en/software/junos/utm/topics/topic-map/security-utm-content-filtering.html
2. Use IDP to create a custom attack signature to identify and block specific file type downloads, "TheDisciple" user provided the link to create custom signatures.
Here is an example for custom IDP signature to block exe files.
set security idp custom-attack BLOCK-EXE recommended-action ignore
set security idp custom-attack BLOCK-EXE severity major
set security idp custom-attack BLOCK-EXE time-binding count 1
set security idp custom-attack BLOCK-EXE attack-type signature protocol-binding application HTTP
set security idp custom-attack BLOCK-EXE attack-type signature context http-url-parsed
set security idp custom-attack BLOCK-EXE attack-type signature pattern ".*\.\[exe\]"
set security idp custom-attack BLOCK-EXE attack-type signature direction client-to-server
In the above signature, change the direction to check for files being downloaded or uploaded for taking necessary action.
NOTE: Reterating again, SSL proxy is required to offload HTTPS traffic to analyze and block files either uploads or downloads. Also, the above is just a signature, you will need to ensure this signature is included on a IDP rule and inturn called on a firewall policy for this to be effective.
------------------------------
Pradeep Hattiangadi
------------------------------
Original Message:
Sent: 02-23-2023 02:10
From: chenjiang
Subject: Could SRX block http/https file upload
Hi! Experts
Sorry for disturbing, Is there any method to configure SRX block http/https file upload, Thanks for your help
--
BR!