Ex
New Contributor

Block All files except PDF.

Hi, is there a way to create a policy with DLP sensors that blocks every file except a whitelist (for example, only allow PDF files)? Thank you. Ex
TuncayBAS
Contributor II

Not with the DLP; it can be done with the Webfilter. In WebFilter, would you please try using this expression to block: (?! \.)(doc|docx|xls|xlsx)$

Tuncay BAS RZK Muhendislik Turkey NSE 4 5 6 FCESP v5

hklb
Contributor II

With webfilter, we will be able to send a JPG file if the user renames the extension to .pdf. I'm not an expert with DLP, but I think you need to configure first a DLP allow for the extension you want to allow (in this example .pdf) and a second to block all files. I'm not sure about my configuration, so try this in your lab ;)
netmin
Contributor II

As an example, this regular expression in a DLP block rule tests the first (magic) bytes of all files and blocks everything that does not appear to be a PDF:
^(?!\%PDF-1\.).*
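Added example, not part of the original posts and not FortiGate code: a Python check of how the expression above treats different leading bytes, next to a filename-only whitelist. The function names, the extension pattern and the sample bytes are constructed for illustration, and it assumes the rule is evaluated from the first byte of the file.

```python
import re

# Expression quoted in the post above; a match means "block".
BLOCK_NON_PDF = re.compile(rb"^(?!\%PDF-1\.).*")

# Hypothetical filename whitelist, standing in for an extension-based filter.
ALLOWED_EXT = re.compile(r"\.pdf$", re.IGNORECASE)


def blocked_by_content(data: bytes) -> bool:
    """True when the file does not start with a '%PDF-1.' header."""
    return BLOCK_NON_PDF.match(data) is not None


def blocked_by_extension(filename: str) -> bool:
    """True when the filename does not end in .pdf."""
    return ALLOWED_EXT.search(filename) is None


# Constructed samples: filename -> first bytes of the file.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",  # PDF 1.x header
    "photo.pdf": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",          # JPEG renamed to .pdf
    "sheet.xlsx": b"PK\x03\x04\x14\x00\x06\x00",               # ZIP-based Office file
    "spec.pdf": b"%PDF-2.0\n",                                 # PDF 2.0 header
    "empty.pdf": b"",                                          # zero-length file
}


def evaluate(samples):
    """Return {filename: (blocked_by_extension, blocked_by_content)}."""
    return {
        name: (blocked_by_extension(name), blocked_by_content(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (by_ext, by_content) in evaluate(SAMPLES).items():
        print(f"{name:12} extension-block={by_ext!s:5} content-block={by_content}")
```

The renamed JPEG passes the extension check but is blocked by the content expression. The expression also blocks a file whose header is `%PDF-2.0`, so a deployment that must accept PDF 2.0 would need the version part widened.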
seadave
Contributor III

This is something that is frustrating about 5.2.2 DLP. You used to be able (in 4.3) to create files that were either allowed or blocked. Now it is only block. Like most, we are blocking .EXEs and other file types, but it is also being too aggressive and difficult for us to exempt particular files. For instance, (f.txt) files gzipped from www.google.com. I normally will add a domain to a rule without the DLP rule to allow downloads, but definitely can't do that with www.google.com.

damianariel

Hi all,

 

I have created a rule allowing a site, but when I try to download a .pdf file it is blocked. Any suggestions? There is no DLP sensor activated for this rule.
