Introduction
This document describes how to prevent attachment of a file to a Gmail email.
Prerequisites
Requirements
Cisco recommends that:
- HTTPS proxy is enabled
- Data security filters are enabled
Components Used
The information in this document is based on the Cisco Web Security Appliance (WSA), AsyncOS version 7.1.x and later.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Procedure
Gmail supports both HTTP and HTTPS.
This is controlled per user under Settings > General > Browser Connection in Gmail's user interface.
If Gmail is configured to use HTTPS, then in order to control uploads on Gmail, you need to utilize Decryption Policies on the WSA.
First, in order to simplify the setup, you should test HTTP connections on Gmail. As an example, these steps show you how to block users from uploading a PDF file.
- Sign in to your Gmail account and navigate to Settings > General > Browser Connection.
- Set this option to Don't always use https.
- Once saved, sign out and sign back in. You should notice that your address bar now shows http://.
- Choose Web Security Manager > Data Security.
- Click Content for the respective Data Security Policy.
- Since you want to block PDF, click Document Types under Block File Types.
- Click the Portable Document Format (PDF) check box.
- Once done, submit and commit the changes.
In order to troubleshoot, enable Data Security Logsunder System Administration > Log Subscription.
Your logs should be similar to:
# Access Logs
1268180609.847 1206 10.7.4.227 TCP_DENIED/403 2088 POST http://mail.google.com/mail/?ui=2&ik=f2587fbf50&view=up&<SNIP>attid=f_g6lfwhxt3
- NONE/- - BLOCK_ADMIN_IDS-DefaultGroup-test.id-DefaultGroup-NONE-NONE <IW_mail,0.7,0,-,-,-,-,-,-,-,-,-,-,1,-,IW_mail,-> -
# Data Security Logs
Wed Mar 10 11:23:37 2010 Warning: 119 10.7.4.227 - - <<WSA_6.0.2_GA_Release_Notes.pdf,application/pdf,403283>>
BLOCK_ADMIN_IDS-DefaultGroup-test.id-DefaultGroup-NONE-NONE 0.7 mail.google.com IW_mail
Notice BLOCK_ADMIN_IDS on both logs. The Data Security Logs show that the file uploaded was application/pdf.
Note: The Gmail user interface shows an error which indicates the upload was not successful.
Next, set Gmail to use HTTPS under Settings > General > Browser Connection and set this value to Always use https. Save the changes, sign off, and sign back in.
You can use these configuration steps in order to control uploads for HTTPS access:
- Choose Web Security Manager > Decryption Policies and click URL Categories for the respective Decryption Policy.
- Set the URL category Web-based Email to Decrypt.
- When you try to upload a PDF file on Gmail now, you should see these logs appear.
# Access Logs
1268181243.208 628 10.7.4.227 TCP_CLIENT_REFRESH_MISS_SSL/200 64 CONNECT tunnel://mail.google.com:443/ - DIRECT/mail.google.com
- DECRYPT_WEBCAT-DefaultGroup-test.id-NONE-NONE-DefaultRouting <IW_mail,0.7,-,-,-,-,-,-,-,-,-,-,-,-,-,IW_mail,-> - 272
1268181246.378 2976 10.7.4.227 TCP_DENIED_SSL/403 2082 POST https://mail.google.com:443/mail/?ui=2&ik=f2587fbf50&view=up&<SNIP>&attid=f_g6lga1j70
- NONE/- - BLOCK_ADMIN_IDS-DefaultGroup-test.id-DefaultGroup-NONE-NONE <IW_mail,0.7,0,-,-,-,-,-,-,-,-,-,-,1,-,IW_mail,-> - 273
# Data Security Logs
Wed Mar 10 11:34:14 2010 Warning: 273 10.7.4.227 - - <<WSA_6.0.2_GA_Release_Notes.pdf,application/pdf,403283>>
BLOCK_ADMIN_IDS-DefaultGroup-test.id-DefaultGroup-NONE-NONE 0.7 mail.google.com IW_mail
Notice that you see BLOCK_ADMIN_IDS for this HTTPS transaction.
Note: The Gmail user interface shows an error which indicates that the upload was not successful.
Additional Notes:
- These steps show how to block certain file types from being uploaded to Gmail.
- Similar steps can be taken for the majority of the web sites.
- The exact steps on your WSA might differ dependent on how it is currently configured.
Feedback