WinGate Forums

[nshaikh]

Hi

I want to stop uploading and downloading attachments from web based emails (hotmail, yahoo etc), please advice urgently how to stop them.

Regards

Naveed Shaikh

[jamesc]

Scenario: I presume you have a white list of allowed websites already setup in the WWW Proxy Server. And I presume you are using NTLM authentication.

Solution: Make a new policy for Everyone, Ban .exe, .bat etc... in Ban tab, and then allow access to Yahoo.com, Hotmail.com and Gmail.com via Advanced tab.

WWW Proxy Server --> Policies.
Default Rights = Are ignored.

1. Existing White list policy.

WWW Proxy Server --> Policy
Everyone, User must be authenticated.
Advanced tab:
Filter 1
This criterion is met if HTTP URL Contains companywebsite.com
Filter 2
This criterion is met if HTTP URL Contains supplier.com
Filter 3
This criterion is met if HTTP URL Contains partner.com
Filter 4
This criterion is met if HTTP URL Contains microsoft.com


2. New Policy to restrict access to downloading attachments from web mail.

WWW Proxy Server --> Policy
Everyone, User must be authenticated.
Ban tab:
This criterion is met if HTTP URL Ends with .exe
This criterion is met if HTTP URL Ends with .msi
This criterion is met if HTTP URL Ends with .bat
This criterion is met if HTTP URL Ends with .mp3
This criterion is met if HTTP URL Ends with .mpeg
This criterion is met if HTTP URL Ends with .mpg
This criterion is met if HTTP URL Ends with .zip
This criterion is met if HTTP URL Ends with .rar
This criterion is met if HTTP URL Ends with .doc
This criterion is met if HTTP URL Ends with .rtf
This criterion is met if HTTP URL Ends with .etc

Advanced tab:
Filter 1
This criterion is met if HTTP URL Contains yimg.com
Filter 2
This criterion is met if HTTP URL Contains akamai.net
Filter 3
This criterion is met if HTTP URL Contains mail.yahoo.com
Filter 4
This criterion is met if HTTP URL Contains hotmail
Filter 5
This criterion is met if HTTP URL Contains gmail.com


*It’s been a while since I checked what URL's need to be used. So if you get any authentication failures then look at the URL that failed and then asses whether you need it to access this web mail.

[nshaikh]

Thanks for your reply james, if you can try this will not work, reason is it stops downloading from the website like if i am downloading something from "download.com" it stops, but it will not work with webmail. Another problem is the uploading the attachment, i have tried so many things but it wont work.

Please advised.

Regards
Naveed Shaikh

Scenario: I presume you have a white list of allowed websites already setup in the WWW Proxy Server. And I presume you are using NTLM authentication.

Solution: Make a new policy for Everyone, Ban .exe, .bat etc... in Ban tab, and then allow access to Yahoo.com, Hotmail.com and Gmail.com via Advanced tab.

WWW Proxy Server --> Policies.
Default Rights = Are ignored.

1. Existing White list policy.

WWW Proxy Server --> Policy
Everyone, User must be authenticated.
Advanced tab:
Filter 1
This criterion is met if HTTP URL Contains companywebsite.com
Filter 2
This criterion is met if HTTP URL Contains supplier.com
Filter 3
This criterion is met if HTTP URL Contains partner.com
Filter 4
This criterion is met if HTTP URL Contains microsoft.com


2. New Policy to restrict access to downloading attachments from web mail.

WWW Proxy Server --> Policy
Everyone, User must be authenticated.
Ban tab:
This criterion is met if HTTP URL Ends with .exe
This criterion is met if HTTP URL Ends with .msi
This criterion is met if HTTP URL Ends with .bat
This criterion is met if HTTP URL Ends with .mp3
This criterion is met if HTTP URL Ends with .mpeg
This criterion is met if HTTP URL Ends with .mpg
This criterion is met if HTTP URL Ends with .zip
This criterion is met if HTTP URL Ends with .rar
This criterion is met if HTTP URL Ends with .doc
This criterion is met if HTTP URL Ends with .rtf
This criterion is met if HTTP URL Ends with .etc

Advanced tab:
Filter 1
This criterion is met if HTTP URL Contains yimg.com
Filter 2
This criterion is met if HTTP URL Contains akamai.net
Filter 3
This criterion is met if HTTP URL Contains mail.yahoo.com
Filter 4
This criterion is met if HTTP URL Contains hotmail
Filter 5
This criterion is met if HTTP URL Contains gmail.com


*It’s been a while since I checked what URL's need to be used. So if you get any authentication failures then look at the URL that failed and then asses whether you need it to access this web mail.

[jamesc]

Sorry bout that Naveed - I had your desired result already made in reverse from six months ago; i.e. only allow downloads from web mail sites so I just reversed it and pasted it in.

So I have gone back through my tests and this is how I have blocked attachments being uploaded or downloaded from hotmail.com and yahoo.com - hotmail.com is intertwined into live.com . There is probaly a few ways this can be done and I have not tested it with non free accounts. So give this solution a go - you may want to make a new WWW Proxy for the sake of testing this.


Scenario:
No attachments to be uploaded or downloaded from Yahoo.com or Hotmail.com.
Any file can be downloaded from Download.com
NTLM Authentication and hence the authentication level of the policy is "User must be authenticated"




WWW Proxy Server --> Policies.
Default Right = Are ignored.

Add --> Everyone - User must be authenticated

Advanced tab:
Filter 1
HTTP URL Contains yahoo.com
NOT HTTP Query string contains download=1 ** Attachment download.
NOT HTTP URL contains ym/attachments **Attachment upload

Filter 2
HTTP URL Contains Hotmail.com
NOT HTTP Query String contains scanattachment **Attachment download

Filter 3
HTTP URL Contains Akamai.net

Filter 4
HTTP URL Contains yimg.com

Filter 5
HTTP URL Contains live.com
NOT HTTP URL Contains AddAttachmentLight.aspx **Attachment upload hotmail.

Filter 6
HTTP URL Contains msn.com


WWW Proxy --> Policies
Add --> Everyone, User must be authenticated

Advanced tab:
Filter 1
This criterion is met if HTTP URL Contains download.com


*P.s. I did not test where download.com's downloads come from.