Firewall not blocking txt files and script files even with file blocking profile is in place

Created On 10/28/21 09:49 AM - Last Modified 12/07/22 02:13 AM


Symptom


Text files and script files are not blocked even though a file blocking profile is configured to block all files.

Environment


  • Palo Alto Firewall
  • PAN-OS 10.0
  • File blocking configured


Cause


  • For text files and script files, the Palo Alto firewall relies on the file type extension.
  • When the text file (.txt) extension is removed, the file has no magic number or headers to identify its type. In this case the firewall cannot identify the file as a text file, which causes the problem.


Resolution


If data that needs to be protected could leak through text files or script files, configuring Enterprise Data Loss Prevention (DLP) is the best option.

Additional Information


  • The Palo Alto firewall identifies file types using one or a combination of the following methods:
  1.  Filename extension
  2.  File headers with metadata
  3.  Special keywords (may be combined with extensions) on clear text file types like ps1 or shell scripts
  • The actual nature of a file can differ from what its extension suggests.
  • To find the real type of a file, use the Linux command "file <filename.extn>".
  • Alternatively, use the Linux command "xxd -a <filename.extn> | head -10", which shows the file content in hex and ASCII format; the magic number visible there also reveals the actual file type.
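
The gap described under Cause can be reproduced with a small model of the three identification methods listed above. This is an added example, not Palo Alto Networks code and not how PAN-OS is implemented; the function names `magic_hex` and `identify`, the short signature table, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: NOT PAN-OS logic. Simplified model of the three
# identification methods listed above (header, keyword, extension).

# First four bytes of a file as lowercase hex, e.g. 25504446 for "%PDF".
magic_hex() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Print "<method>:<type>", or "unidentified" when no method matches.
identify() {
    f=$1
    hex=$(magic_hex "$f")
    # 1. File header (magic number): independent of the filename.
    case "$hex" in
        25504446) echo "header:pdf"; return ;;
        504b0304) echo "header:zip"; return ;;
        7f454c46) echo "header:elf"; return ;;
        89504e47) echo "header:png"; return ;;
    esac
    # 2. Keyword: a shebang ("#!") at the start marks a script.
    case "$hex" in
        2321*) echo "keyword:script"; return ;;
    esac
    # 3. Plain text has no signature, so only the extension is left.
    base=${f##*/}
    case "$base" in
        *.txt) echo "extension:txt" ;;
        *.ps1) echo "extension:ps1" ;;
        *.sh)  echo "extension:sh" ;;
        *)     echo "unidentified" ;;
    esac
}

# Constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%%PDF-1.7\n' > "$d/report.txt"     # PDF header, misleading name
    printf 'account list\n' > "$d/notes.txt"   # plain text with extension
    printf 'account list\n' > "$d/notes"       # same bytes, extension removed
    printf '#!/bin/sh\necho hi\n' > "$d/job"   # script without extension
    for name in report.txt notes.txt notes job; do
        printf '%-12s %s\n' "$name" "$(identify "$d/$name")"
    done
    rm -rf "$d"
}

demo
```

The `notes` file is the case from this article: identical content to `notes.txt`, but with no header, keyword, or extension left to classify it.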

