TLD Block for.zip

Might be a dumb question but....

If I were to block *.zip in the https proxy would this block .zip files from being downloaded?

If so what would be the best way to deny access to that domain but still allow zip files to be downloaded?


  • Options

    The traffic in HTTPS is encrypted - so Fireware can't see what file types are being downloaded in a HTTPS session.
    You would need to do Inspect on HTTPS, and on the HTTP proxy action specified on the HTTPS proxy action, you an block *.zip in the URL Paths section.

  • Options

    I think SParker is referring to the top level domain ".zip" which has been in the IT press of late (along with ".mov").

    My thought would be that a block at DNS level is purely on the DNS domain name, not the URL path one accesses

    eg. hXXps://malicioussite.zip/file/bitcoin.zip vs hXXps://cleansite.com/file/bitcoin.zip
    The DNS level block (if say one blocks "*.zip") should in theory block the first one but not the second.

  • Options

    Yup - clearly not thinking about the TLD part of this post.

    You can use a DNS proxy to block selected domain names or parts thereof in the Query Names section.

    If you have DNSWatch enabled, then DNS policies in your config are ignored - so you need to use DNSWatch cloud settings

    Manage DNSWatch Blocklist Domains

  • Options

    Thank you for your advice, adding a deny rule in the DNS proxy worked.

  • Options
    edited May 2023

    I use DNS packet filter instead of proxy. Can WebBlocker (*.zip/* and *.zip) achieve the same without blocking ZIP download?

  • Options

    From the docs:
    You can add a WebBlocker exception that is an exact match of a URL, a pattern match of a URL, or a regular expression.

    Since WB blocks a URL, not just a domain name, it seems difficult to me to construct the correct regular expression (RegEx) to block the zip domain but allow a .zip file suffix.
    Easier for sure using a DNS proxy.

  • Options

    Just noticed this knowledgebase article on this very topic:

Sign In to comment.