Blocked Files Do not seem to be working on UAG Published Sites RRS feed

  • Question

  • Hi 

    I have a Download Policy that only allows Privilege Endpoints the option to download attachments.  However I can seem to download anything from our published sites.  

    I am just wondering if I need to add anything specific in the download tab?.  the only option ticked is 'identify by URL'

    I basically need to block all non-privileged devices and allow all privileged devices to download.  


    Thursday, October 11, 2012 12:38 PM

All replies

  • Hi Amig@. UAG needs to know what URLs are the download action. For predefined applications like OWA it already knows, but for custom application you need to supply that information. Go to the properties of the trunk and in the "Global URL Settings" tab you will see a button that say "Download URLs" where the information of the download URL can be added per-application. If you have dificulties to retrieve that information you can control the download by specifying file types instead (this time in the properties of the published application)


    // Raúl - I love this game

    Thursday, October 11, 2012 1:32 PM
  • Thanks for the reply Could you give an example for adding the download URL for a standard internal website. For example i want to block links to download doc files but I may have 100s of word docs within my website? Thanks
    Thursday, October 11, 2012 1:40 PM
  • Hi Amig@. I am afraid that the downloading of files is not an standarized action. You have to analyze your application and see if the downloading comes from the same path or if there is a particular action for doing it. In case of doubt and if you already know that the files are word docuements give a try to block by extension. Also, take a look to this useful post by Ben (Ben Ari) http://blogs.technet.com/b/ben/archive/2009/08/06/block-by-block.aspx


    // Raúl - I love this game

    • Edited by RMoros Thursday, October 11, 2012 2:00 PM
    Thursday, October 11, 2012 2:00 PM
  • Thanks again

    Yes I thought so regarding specifying URL's.  I will use extensions I think, although I have set include as PDF, DOC, DOCX and I can still download these file types???

    Thursday, October 11, 2012 2:35 PM
  • Hi Amig@. When managing this there are two elemnts to take into consideration. The first one is the identification of the download action and the second one is the associated endpoint policy. I suggest to split the tests into two parts. First review the settings for the Download action. Make sure that Include is selected in the Download section and that the extensions don't include a dot. Uncheck the remaining (URL and file size). Then, set the download policy in the published application to Never and activate the configuration. Try to download. You should receive a denied message. If this works then review the settings in the Privilege Endpoint policy as maybe the problem is there. Also make sure the UAG is updated to SP2 (an issue related to identify by extension in download policy is fixed in SP2 http://support.microsoft.com/kb/2710791)


    // Raúl - I love this game

    Thursday, October 11, 2012 3:16 PM
  • Excellent Thanks

    Yes we are running SP1 so may need to upgrade?.

    Tried setting the privileged endpoint to never but still downloading!!.

    Thanks for your help. Hopefully SP2 will fix the issue.  I will report back for others in the same situation 

    Thursday, October 11, 2012 3:38 PM
  • Wait a minute. Did you configure the "unknown content-type"? It depends on the internal web server that holds the appliaction but normally it should be application/octet-stream. If not already configured try it before updating.


    // Raúl - I love this game

    Thursday, October 11, 2012 3:57 PM
  • Thanks, I will try this setting

    We have a mixture of sharepoint and other web applications

    Thursday, October 11, 2012 4:48 PM