TLD Block for .zip

Might be a dumb question but....

If I were to block *.zip in the https proxy would this block .zip files from being downloaded?

If so what would be the best way to deny access to that domain but still allow zip files to be downloaded?

Comments

  •

    The traffic in HTTPS is encrypted - so Fireware can't see what file types are being downloaded in an HTTPS session.
    You would need to do Inspect on HTTPS, and on the HTTP proxy action specified on the HTTPS proxy action, you can block *.zip in the URL Paths section.

  •

    I think SParker is referring to the top level domain ".zip" which has been in the IT press of late (along with ".mov").

    My thought would be that a block at DNS level is purely on the DNS domain name, not the URL path one accesses.

    e.g. hXXps://malicioussite.zip/file/bitcoin.zip vs hXXps://cleansite.com/file/bitcoin.zip
    The DNS level block (if say one blocks "*.zip") should in theory block the first one but not the second.

  •

    Yup - clearly not thinking about the TLD part of this post.

    You can use a DNS proxy to block selected domain names or parts thereof in the Query Names section.

    If you have DNSWatch enabled, then DNS policies in your config are ignored - so you need to use DNSWatch cloud settings.

    Manage DNSWatch Blocklist Domains
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/dnswatch/dnswatch_domains_blocklist.html

  •

    Thank you for your advice, adding a deny rule in the DNS proxy worked.

  •
    edited May 2023

    I use DNS packet filter instead of proxy. Can WebBlocker (*.zip/* and *.zip) achieve the same without blocking ZIP download?

  •

    From the docs:
    You can add a WebBlocker exception that is an exact match of a URL, a pattern match of a URL, or a regular expression.

    Since WB blocks a URL, not just a domain name, it seems difficult to me to construct the correct regular expression (RegEx) to block the zip domain but allow a .zip file suffix.
    Easier for sure using a DNS proxy.
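
The distinction discussed above (a DNS-level rule sees only the query name, while a URL rule sees the whole URL) can be checked offline with the sketch below. It is an added example, not part of the original thread and not WatchGuard code; the function names, the shell-style wildcard matching and the sample URLs other than the two quoted in the thread are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Query-name patterns a DNS-level deny rule might carry ("*.zip" is from the
# thread; shell-style wildcard matching is an assumption, not Fireware's spec).
DNS_DENY_PATTERNS = ["*.zip", "*.mov"]


def refang(url):
    """Turn the thread's defanged hXXp/hXXps scheme back into http/https."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url
    return scheme.lower().replace("xx", "tt") + sep + rest


def classify(url):
    """Report what a DNS-level rule and a file-suffix rule would each see."""
    parts = urlsplit(refang(url))
    # .hostname is already lowercased and excludes the port; drop the
    # trailing dot of a fully qualified name so "example.zip." still matches.
    host = (parts.hostname or "").rstrip(".")
    return {
        "host": host,
        # Only the host name is visible to a DNS query, never the path.
        "dns_denied": any(fnmatchcase(host, p) for p in DNS_DENY_PATTERNS),
        # The file suffix lives in the path; the query string is ignored.
        "zip_download": parts.path.lower().endswith(".zip"),
    }


# Constructed sample URLs; the first two are the ones quoted in the thread.
SAMPLES = [
    "hXXps://malicioussite.zip/file/bitcoin.zip",
    "hXXps://cleansite.com/file/bitcoin.zip",
    "https://CLEANSITE.com:8443/file/Archive.ZIP?x=1",
    "https://example.zip./",
    "https://cleansite.com/file/readme.txt?name=a.zip",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```
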

  •

    Just noticed this knowledgebase article on this very topic:
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S00000110tgSAA&lang=en_US
