How to block WeTransfer file upload/transfer?
04/09/2020 
29 
11107
DESCRIPTION:
WeTransfer is the simplest way to send files such as photos, videos, documents, etc., around the world. This KB article depicts the block of file upload or transfer via WeTransfer using App Rules feature.
Based on the wireshark packet capture taken from the SonicWall appliance for multiple file uploads, the HTTP PUT carries the snippet /api/v4/transfers/ on all file uploads/transfers. This piece of information is used to block the uploads.
RESOLUTION:
1. Login to SonicWall management GUI and navigate to MANAGE tab.
2. In the SonicWall GUI, navigate to Objects | Match Objects page in the GUI (In Classic view, navigate to Firewall | Match Objects page).
3. Click Add and select Match Object.
4. In the Match Object Settings window, specify the object fields
- Object Name: Any friendly name
- Match Object Type: HTTP URI Content
- Match Type: Partial Match
- Input Representation: Alphanumeric (Select the radio option)
- Content: Mention /api/v4/transfers/ and click ADD; the content gets populated under the List.
- Click OK
5. The Match Object gets added as shown in the screenshot below.
6. Navigate to Rules| App Rules page in the GUI (In Classic view, navigate to Firewall | App Rules page).
7. Click on Settings icon and enable the check box Enable App Rules. (A green tick mark indicates that app rule is enabled)
8. Click Add.
9. In the App Control Policy Settings window, specify the policy fields
- Policy Name: A friendly name
- Policy Type: HTTP Client
- Address - Source: Any (Address Object or Address Group can be selected for which the WeTransfer file upload has to be blocked)
- Service - Destination: HTTP
- Match Object - Included: Select the Match Object that was created on Step 4
- Action Object - Included: Reset/Drop
- Enable Logging: Enable this check box
- Connection Side: Client Side
- Direction: Basic, Both
- Click OK
10. The App Rule policy gets added as shown in the screenshot below.
DPI-SSL Configuration:
11. Navigate to Decryption Services | DPI-SSL/TLS Client and to General tab.
12. Under the General Settings, enable the check box Enable SSL Client Inspection and the sub check box Application Firewall.
13. Navigate to Objects tab, ensure the Include field is set to the corresponding IP address, Range or Subnets. By default, Include field is set to All which means DPI-SSL affects all users.
14. In the web-browser (IE or Firefox or Chrome), ensure the DPI-SSL certificate downloaded from Decryption Services | DPI-SSL/TLS Client | Certificate tab is loaded. (Click here for steps to install the DPI-SSL certificate on modern browsers.
How to Test:
- Launch the WeTransfer website by going to https://wetransfer.com.
- Transfer of any files from one email address to other email address should fail.
- Logs on the SonicWall GUI should display the log event messages for the triggered app rule policy as shown in the screenshot below,
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
