Access by file type

Before you begin

  • This feature requires an Advanced Threat license.
  • Make sure ETP Proxy and inline payload analysis are enabled.

ETP allows you to block or monitor specific file types based on MIME type. To detect the MIME-types, ETP inspects the actual HTTP payloads and file extensions. It does not evaluate Content-Type headers which do not always match the actual file types.
Note: ETP does not inspect individual files within archive files, such as ZIP, TAR, and RAR files. To block files within archives, set file blocking on one or more archive file MIME types, such as application/zip, application/x-tar, application/x-rar (see steps below).

This procedure allows you to block or monitor the download and upload of specific file types.

How to

  1. In the Enterprise Center navigation menu, select Policies > Policies.
  2. Click the name of the policy that you want to edit.
  3. Click the Access Control tab.
  4. Click the File Types tab.
  5. To define file types for download:
    1. Click the link icon in the File Types for Download Traffic row.
    2. In the dialog that displays, select or enter the two-part identifier for each MIME type that you want to block or monitor.
      Note: Unknown or arbitrary binary data is classified as the application/octet-stream MIME type by default. Add this file type if you want to block this traffic.
    3. Click Associate.
    4. Expand the File Types for Download Traffic row to view the file types you specified. By default, the policy action is set to Block. To monitor the file type instead, click the Action column and change the value to Monitor.
    5. If the policy is configured with an identity provider and you want to exempt users or groups from the specified action, click the link in the Exceptions column and specify one or more users or groups.
  6. To define files types for upload:
    1. Click the link icon in the File Types for Upload traffic row.
    2. In the dialog that displays, select or enter the two-part identifier for each MIME type that you want to block or monitor.
      Note: Unknown or arbitrary binary data is classified as the application/octet-stream MIME type by default. Add this file type if you want to block this traffic.
    3. Click Associate.
    4. Expand the File Types for Upload traffic row to view the file types you specified. By default, the policy action is set to Block. To monitor the file type instead, click the Action column and change the value to Monitor.
    5. If the policy is configured with an identity provider and you want to exempt users or groups from the specified action, click the link in the Exceptions column and specify one or more users or groups.
  7. To apply a more aggressive scanning engine to monitored traffic, enable Aggressive. This option is not recommended for blocked file types.
  8. Click Save and deploy your changes.