Introduction
This document describes the way of denying media download with help of ASA-CX (Context Aware) and issue faced by various users.
Problem
User is trying to deny mp3, avi, mp4 or mov file downloads from the prime security module on the ASA-5512CX.
The only options he have by default on this object are:
- Application/*
- Audio/*
- Image/*
- Message/*
- Model/*
User doesn't know how to apply them for blocking the download operation or create a new category (like Video extensions).
Solution
User watched the real time event viewer to see how CX was interpreting the test mp3 download. He found he was seeing an http transaction with mime type audio/mpeg. User was then able to get a test policy to work by creating a new file filtering profile specifying Audio/mpeg in the file filter profile.
Below are screenshots showing test object and the results of a deny (click to enlarge):
DENY
Another user manage to block the mp3 file downloads, but he was having problems with the mp4 and avi policies. As as suggested, he captured the packet via time viewer. according to the package it has a content type of "video/mp4".
but when user add the video/mp4 string to the File Filetr it gives this error
"strings indices must be integers"
instead of "video/mp4" use "*/mp4", the application let the user to introduce that string.
But when user tests the policy by downloading something on mp4 format it let the user do it.It looks like a bug so need to wait for patch or fix.
Source Discussion
This document was generated from the following discussion: denied media downloads