File Blocking profile not working for specific URLs when trying to configure an action based on different file types
390
Created On 02/19/25 11:51 AM - Last Modified 10/21/25 22:16 PM
Symptom
- File Blocking profiles are configured, and assigned to security rules, however they are not working for certain URLs.
- It behaves like there is no File Blocking profile in place
Environment
- File Blocking Profile
- All Firewall platforms
- All PAN-OS
Cause
- When a HAR file of the website is inspected:
-
- If any website extracts the text from the file on front end (i.e.- the website) and then use a JSON format to transfer the text to the back end via a POST request. There is no filename in the traffic (i.e.- the content is extracted and transferred via a POST request which is not a file).
-
- In this case, the Firewall is NOT able to tell the filename and file type (because it is not a file which is getting transferred, instead the content is transformed to a JSON format and transferred via a POST request)
-
- So configuring file type based policy to block the file upload is not supported in the above scenario since there is no file which is transferred.
-
- This will have no record showing up on the FW GUI.
-
- This is an expected behavior and file blocking is currently not supported for the above scenario.
- This is an expected behavior and file blocking is currently not supported for the above scenario.
Resolution
- To block file uploads based on different file types in this website, there is no way to achieve because there is no original file transfers.
- Only the content of the file is transferred to the server
Additional Information
- To Block sensitive information transfer, based on Data traffic and Data patterns, please refer to the DLP setup:
https://docs.paloaltonetworks.com/enterprise-dlp/administration/configure-enterprise-dlp/create-an-enterprise-dlp-data-pattern#id8ea3d6ff-5ebc-438e-bff0-2a8967384456