https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244179#M705 <HTML><HEAD></HEAD><BODY><P>Hi Josh,<BR /><BR />Thanks for the reply. <BR /><BR />Couldnt get hold of support as my S160 gives this error message<BR /><BR /><I>The Critical message is:<BR /><BR />Internal SMTP giving up on message to customersupport@ironport.com with subject 'IronPort S160 Support Request for ironport.domain.com.au [Ability to\n\tblock filer type downloads]': Unrecoverable error.<BR /><BR />Product: IronPort S160 Web Security Appliance<BR />Model: S160<BR />Version: 5.6.0-623<BR />Serial Number: ##<BR />Timestamp: 02 Apr 2009 16:56:55 +1100</I><BR /><BR /> obviously I have removed my real domain name and serial number.<BR /><BR />Obviously email works as the unit itself was able to email me the error and I have checked the settings are correct. <BR /><BR />Can someone provide a link in the KB for how to setup a poicy to block all downloads from a web site. <BR /><BR />Thanks</P></BODY></HTML> Fri, 03 Apr 2009 05:59:56 GMT peteri_ironport 2009-04-03T05:59:56Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244175#M701 <P>Hi All, <BR /><BR />Seeming the knowledge base wasnt much help and I cant get through to support. <BR /><BR />I was hoping someone here could help. <BR /><BR />I am trying to create a policy which will block downloads only for webmail sites. I do not want any users able to download any attachments from webmail sites. <BR /><BR />Any help would be appreciated.</P> Thu, 02 Apr 2009 13:55:11 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244175#M701 peteri_ironport 2009-04-02T13:55:11Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244176#M702 <HTML><HEAD></HEAD><BODY><P>Off the top of my head, (can't test atm)<BR /><BR />Could you create a new access policy, and in the "Policy Member Definition" set it to be defined on a user category of "Web-based E-mail". (advanced section)<BR /><BR />So this Access Group would only be valid if someone access those sites. then <BR />Submit that and then set Object Blocking rules on that access policy to block file types.<BR /><BR />Might be an easier way though</P></BODY></HTML> Thu, 02 Apr 2009 19:00:12 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244176#M702 john.phillips 2009-04-02T19:00:12Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244177#M703 <HTML><HEAD></HEAD><BODY><P>Peteri,<BR /><BR />I don't believe that this can be done effectively and properly. Each webmail server may have there own way of delivering the "attachment". <BR /><BR />You may be able to set an access policy to only trigger on webmail and also to block all file types (other then html, so forth). This would probably work in alot of cases.<BR /><BR />Note that if they are using HTTPS, you'll need to have HTTPS decryption enabled on the WSA.</P></BODY></HTML> Thu, 02 Apr 2009 22:31:59 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244177#M703 jowolfer 2009-04-02T22:31:59Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244178#M704 <HTML><HEAD></HEAD><BODY><P>Also,<BR /><BR />I'm concerned that you couldn't get ahold of anyone in support. How did you contact support? <BR /><BR />Do you have an open ticket already?</P></BODY></HTML> Thu, 02 Apr 2009 22:32:32 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244178#M704 jowolfer 2009-04-02T22:32:32Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244179#M705 <HTML><HEAD></HEAD><BODY><P>Hi Josh,<BR /><BR />Thanks for the reply. <BR /><BR />Couldnt get hold of support as my S160 gives this error message<BR /><BR /><I>The Critical message is:<BR /><BR />Internal SMTP giving up on message to customersupport@ironport.com with subject 'IronPort S160 Support Request for ironport.domain.com.au [Ability to\n\tblock filer type downloads]': Unrecoverable error.<BR /><BR />Product: IronPort S160 Web Security Appliance<BR />Model: S160<BR />Version: 5.6.0-623<BR />Serial Number: ##<BR />Timestamp: 02 Apr 2009 16:56:55 +1100</I><BR /><BR /> obviously I have removed my real domain name and serial number.<BR /><BR />Obviously email works as the unit itself was able to email me the error and I have checked the settings are correct. <BR /><BR />Can someone provide a link in the KB for how to setup a poicy to block all downloads from a web site. <BR /><BR />Thanks</P></BODY></HTML> Fri, 03 Apr 2009 05:59:56 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244179#M705 peteri_ironport 2009-04-03T05:59:56Z https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244180#M706 <HTML><HEAD></HEAD><BODY><P>Peteri,<BR /><BR />The support request that you are sending is a fairly large file. It's possible that the mail server is blocking it. The "system logs" should hold some more data regarding this.<BR /><BR />My recommendation is to call support so we can talk you through the process and answer any questions you have in real time. <BR /><BR />The short answer is that you'll need to create a custom category that matches the specific site, create a new policy that matches only on this custom category, and then set the 'Object' policy to block the file types you wish to block.</P></BODY></HTML> Fri, 03 Apr 2009 22:35:11 GMT https://community.cisco.com/t5/web-security/ability-to-block-file-types-from-websites/m-p/1244180#M706 jowolfer 2009-04-03T22:35:11Z