TLD Block for.zip
Might be a dumb question but....
If I were to block *.zip in the https proxy would this block .zip files from being downloaded?
If so what would be the best way to deny access to that domain but still allow zip files to be downloaded?
Sign In to comment.
The traffic in HTTPS is encrypted - so Fireware can't see what file types are being downloaded in a HTTPS session.
You would need to do Inspect on HTTPS, and on the HTTP proxy action specified on the HTTPS proxy action, you an block *.zip in the URL Paths section.
I think SParker is referring to the top level domain ".zip" which has been in the IT press of late (along with ".mov").
My thought would be that a block at DNS level is purely on the DNS domain name, not the URL path one accesses
eg. hXXps://malicioussite.zip/file/bitcoin.zip vs hXXps://cleansite.com/file/bitcoin.zip
The DNS level block (if say one blocks "*.zip") should in theory block the first one but not the second.
Yup - clearly not thinking about the TLD part of this post.
You can use a DNS proxy to block selected domain names or parts thereof in the Query Names section.
If you have DNSWatch enabled, then DNS policies in your config are ignored - so you need to use DNSWatch cloud settings
Manage DNSWatch Blocklist Domains
Thank you for your advice, adding a deny rule in the DNS proxy worked.
I use DNS packet filter instead of proxy. Can WebBlocker (
*.zip) achieve the same without blocking ZIP download?
From the docs:
You can add a WebBlocker exception that is an exact match of a URL, a pattern match of a URL, or a regular expression.
Since WB blocks a URL, not just a domain name, it seems difficult to me to construct the correct regular expression (RegEx) to block the zip domain but allow a .zip file suffix.
Easier for sure using a DNS proxy.
Just noticed this knowledgebase article on this very topic: