How can I prevent users from downloading mp3, .exe, .pdf, .zip or other media files?


This article applies to:

  • R3000/WF/WFR

Question:

How can I prevent users from downloading mp3, .exe, .pdf, .zip or other media files?

Reply

How can I block files like .exe, .pdf and .zip?

First of all, keep in mind that the filter is primarily a URL filter.  Currently, the filter cannot "inspect" TCP packets to determine if it's a Word document, PDF file, Windows program, Mac program, game, image, or whatever.  All it can do is look at the URL.

While it's true that the filter can filter based on proxy patterns, IM patterns, P2P patterns, and do HTTPS certificate validation, it still cannot inspect web traffic to determine the CONTENTS of the file.

You can block files such as .exe, .pdf, .zip, and .bat ONLY if these keywords appear in the URL.

To do this, you must use the "URL Keyword Filtering" option.

1.  Go to Library -> Category Groups>Custom Category
    Select a category that you're already BLOCKING, or create a new custom category which will hold a list of URLs (and URL Keywords) that you want to block).

2.  Let's suppose that you chose to create a new custom category.  Click on the category and select "URL Keywords."  If you want to block executable files from being accessed/downloaded, simply add:

  .exe

(remember to include the "dot"!!)

You CANNOT use wildcards, such as:  *.exe

3.  When you've finished adding URL Keywords to your custom category, click "Reload Library."

4.  While you're waiting for the library to reload (approximately 15-minutes), let's BLOCK the custom category in your profile(s)... go to the Group Profile and locate the category that contains the new URL Keywords you've just added. Be sure to BLOCK that custom category.

5.  Now, while in the Group Profile,, select "Filter Options," and then select "URL Keyword Filter Control."  (Be sure to always save your changes by clicking on the Apply or Save button).

At this point (assuming that the library has finished reloading), any URL containing ".exe" should get blocked.


This article was previously published as:
8e6 KB 281297

Last Modified 4/17/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle12472.aspx