Solutions

Using the VPM, how do I block a download based on file size?

Solutions ID:    KB5133
Version:    3.0
Status:    Published
Published date:    05/27/2012
Updated:    03/14/2014
 

Problem Description

You want to:

1. Deny anyone downloading a file greater than a certain size.

2. Ensure proper functionality if the response header does not have a content-length header.

3. Use Visual Policy Manager (VPM) to control this.

Resolution

To block download file size based on the "Content-Length" header, complete the following steps:

Steps:

1. Open the VPM.

2. Create or open a Web Access Layer.

3. Create the following rule:

Rule1:

Destination: Set > New > Response Header; select Header Name: Content-Length, and put Header Regex: $. Name it as No_Content_Length, then right-click and select NEGATE.

Action: ALLOW

Explanation of Rule1: ALLOW any sites that does not have a content-length header in its response header.

Rule2: (For explanation in picture, please go to KB4440)

Destination: Set > New > Response Header; select Header Name: Content-Length, and put in the desired Regex from the list below (for example: 50MB). Name it, then right-click and select NEGATE.

Action: DENY

Explanation of Rule 2: DENY any file size that does not match Regex from the list (file size is larger than the regex number).

Examples of Regular Expression (Regex) syntax:

Currently, the only way that you can limit the size of HTTP objects returned is by creating policy that matches on the content-length header of the object returned. Objects that are not returned with a content-length will not match the following policy. Proxied FTP requests are not affected by this policy because they are not returned with a content-length header.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question