Limiting File Size Upload using Custom Signature

Limiting File Size Upload using Custom Signature

11095
Created On 09/25/18 19:54 PM - Last Updated 07/29/19 17:51 PM
Resolution
Users in enterprise often use web based file hosting to upload big files. This creates concerns in the usage of networks bandwidth and server storage capacity, as the files can be rather big. 
 
Below steps are useful to control file size uploaded to a web server using the HTTP Request Content-Length parameter.
 
PAN-OS version: 6.1
 
1. Create a custom signature vulnerability
Go to Objects Tab > Custom Objects > Vulnerability, then click Add,Fill-in required fields as shown below:
 
Custom Vulnerability Signature
 
Click Signatures Tab, then click Add. In Standard window, type in theSignature Name:
Standard
 
At the bottom of “Standard” window, click “Add And Condition”:
 
Add Condition
 
Inside “Or Condition” window, choose Operator to “Greater Than”, chooseContext to “http-req-content-length”. To limit file size up to 10 MB, we need to fill-in the Value in bytes, 10MB equals to “10485760
 
 
Then click “OK”, click “OK” again.Or, you can just save below text as BLOCK-FILE-10MB.xml file and click “Import”in Objects Tab > Custom Objects > Vulnerability.
 
<vulnerability-threat version="6.1.0">
  <entry name="41001">
    <signature>
      <standard>
        <entry name="BLOCK-FILE-10MB">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <greater-than>
                      <value>10485760</value>
                      <context>http-req-content-length</context>
                    </greater-than>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>no</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <reset-client/>
    </default-action>
    <threatname>BLOCK-FILE-UPLOAD</threatname>
    <severity>critical</severity>
    <direction>client2server</direction>
 
2. Create a Vulnerability Protection profile
 
Go to Objects Tab > Security Profiles > Vulnerability Protection, then click Add,You can name the profile as VP-FILE-UPLOAD:
Vulnerability Profile
 
Then click Add, and fill-in Rule Name, Theat Name, and others similarly as below :
 
Vulnerability Protection rule
 
After finish, then click OK, click OK.
 
3. Create Security Policy
Go to Policies Tab > Security and create your security policy:
security policy
 
policy
 
Dont forget to assign the vulnerability protection profile VP-FILE-UPLOAD under Actions tab:
 
security policy rule
 
Click OK, then click Commit.
 
 


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhHCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language