Palo Alto Networks Knowledgebase: Limiting File Size Upload using Custom Signature

Created On 09/25/18 19:54 PM - Last Updated 07/29/19 17:51 PM
Enterprise users often upload large files to web-based file hosting services. This raises concerns about network bandwidth usage and server storage capacity, as the files can be rather big.
The steps below control the size of files uploaded to a web server by using the HTTP request Content-Length parameter.
PAN-OS version: 6.1
1. Create a custom vulnerability signature
Go to Objects Tab > Custom Objects > Vulnerability, then click Add. Fill in the required fields as shown below:
[Screenshot: Custom Vulnerability Signature]
Click the Signatures Tab, then click Add. In the Standard window, type in the Signature Name:
At the bottom of the “Standard” window, click “Add And Condition”:
[Screenshot: Add Condition]
In the “Or Condition” window, set Operator to “Greater Than” and Context to “http-req-content-length”. To limit the file size to 10 MB, fill in the Value in bytes; 10 MB equals “10485760”.
Then click “OK”, and click “OK” again. Alternatively, save the text below as a BLOCK-FILE-10MB.xml file and click “Import” in Objects Tab > Custom Objects > Vulnerability.
<vulnerability-threat version="6.1.0">
  <entry name="41001">
        <entry name="BLOCK-FILE-10MB">
            <entry name="And Condition 1">
                <entry name="Or Condition 1">
2. Create a Vulnerability Protection profile
Go to Objects Tab > Security Profiles > Vulnerability Protection, then click Add. You can name the profile VP-FILE-UPLOAD:
[Screenshot: Vulnerability Profile]
Then click Add, and fill in Rule Name, Threat Name, and the other fields as shown below:
[Screenshot: Vulnerability Protection rule]
When finished, click OK, then click OK again.
3. Create Security Policy
Go to Policies Tab > Security and create your security policy:
[Screenshot: security policy]
Don't forget to assign the vulnerability protection profile VP-FILE-UPLOAD under the Actions tab:
[Screenshot: security policy rule]
Click OK, then click Commit.
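To sanity-check which uploads the “Greater Than 10485760” condition from step 1 would match, the comparison can be reproduced offline. This is an added example, not part of the original article or of PAN-OS; the request samples are constructed, and the "no-length" result for requests that carry no Content-Length header is an assumption about how to classify them, not documented firewall behaviour.

```python
# Added example: mirrors the signature's comparison on the HTTP request
# Content-Length header. Function names and sample requests are hypothetical.

LIMIT_BYTES = 10 * 1024 * 1024  # 10 MB = 10485760, the Value entered in step 1


def content_length(raw_request: bytes):
    """Return the request's Content-Length as an int, or None if absent/invalid."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            value = value.strip()
            return int(value) if value.isdigit() else None
    return None


def verdict(raw_request: bytes, limit: int = LIMIT_BYTES) -> str:
    """'match' if Content-Length > limit, 'allow' if <= limit, 'no-length' otherwise."""
    length = content_length(raw_request)
    if length is None:
        # Assumption: nothing numeric to compare, so the size condition cannot apply.
        return "no-length"
    return "match" if length > limit else "allow"


def _req(header: str) -> bytes:
    """Build a constructed POST request head carrying one extra header."""
    return ("POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
            + header + "\r\n\r\n").encode()


# Constructed samples covering the boundary and the missing-header case.
SAMPLES = {
    "small upload": _req("content-length: 2048"),
    "exactly 10 MB": _req("Content-Length: 10485760"),
    "10 MB + 1 byte": _req("Content-Length: 10485761"),
    "chunked body": _req("Transfer-Encoding: chunked"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:15s} -> {verdict(request)}")
```

Because the operator is “Greater Than”, an upload of exactly 10485760 bytes is allowed; only larger declared sizes match.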

