Allow individual users to be able to download certain extensions from individual websites
We would like to be able to allow individual or a group of users to be able to download a file type from a certain website only.
for example if ZIP files are blocked from being downloaded, however we have three users that often download from dropbox. We would like to allow these three users to be able to download ZIP files from dropbox only.
receiving here a lot of customer requests about this as well: to be able to tag a particular site to allow the download of certain (and generally blocked!) filetype just from this site, would highly be appreciated and a very handy feature!
sanju shrestha commented
Another customer also requested filetype control per site
NewBase Computer Services Pty Ltd
sophtrac Case 5237215
Petr Benda commented
Another Premium support customer has requests filetype control per site:
Shoalhaven City Council
Sophtrac Case 4795509 - was escalated to GES.
Tom Allen commented
The issue we have with Docx and alike file types is sometimes they are detected as ZIP files. I am reluctant to open ZIP files for
The workaround is to make that particular site 'trusted', which allows all file types and disables scanning.
Ideally we would be able to have a custom property for the particular site so we can only open ZIP files and keep other extensions
blocked. Trusted opens up far too many potential vulnerabilities for us.
Sophos Product: Web Security Appliance
Version in Production: 3.9.1
Feature Request Summary
How will this new feature address your business requirements?:
How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: 2, security concerns.
Aaron Bugal commented
Agreed, with the increase in more OPEN type of usage policies for URL category access; businesses still wish to regulate what file types can be downloaded from these sites.
Ideally, breaking the association of URL and File Type within default and Additional rules and having file types act in a similar fashion to that of how the newer Authentication/Connection Profile system works would allow an overlay of file type downloads depending on request and or destination.
This would also mean a rework of the User Submission for FILES as well due to its current design.
I've also received queries on this with customers that would like specific users only to be able to download large or encrypted files.
AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented
One customer requested the ability to allow ZIP files from only certain categories of website. More generally, the ability to set policy for file types based on site category and/or site tag has been requested a few times in the past.