Secure Mobile Access 12.4 Administration Guide

Example: Blocking Email Attachments

Your organization may need to restrict access to sensitive data for users working from an unmanaged or untrusted public system. For example, you may want to allow users to view email messages, but prevent them from downloading email attachments that could be left behind on the computer and accessible to unauthorized users.

The following example demonstrates how to use an access control rule, together with a Matching URL resource and End Point Control zone, to block attachments from being downloaded to untrusted devices. For an overview of access control, see Access Control Rules.

The example assumes that you have an EPC zone configured (named Untrusted in this example) into which devices that are not IT-managed are classified; see Managing EPC with Zones and Device Profiles for information about configuring and using zones.

To block email attachments using a Matching URL resource

  1. In the AMC, navigate to Security Administration > Access Control.

  2. Click the + (New) icon.

    The Add Access Rule page displays.

  3. In the Position field, type a number to specify the rule’s position in the access rule list.

  4. Use the Action buttons to specify Deny.

    This will deny users access to any resource that matches the pattern you specify in the next step.

  5. Complete the information under Basic settings:

    1. Leave User selected (so that the rule users trying to access a resource).

    2. The From field specifies the users to whom the rule applies. For this example, leave the value as Any user.

    3. In the To field, click Edit to specify the target resource for this rule.

      A Resources window appears.

    4. Click New, and then select Matching URL.

      The Add Resource - Matching URL page displays.

    5. Type a name for the resource. For example, Block email attachments.

    6. In the URL box, type the URL address of your mail server.

    7. In the Path and query string matching area, select Exchange/OWA attachments from the Type of match list.

    8. Click Save.

  6. In the End Point Control zones area, click Edit to select the zone from which you will deny access to the resource (Untrusted).
  7. When you create a rule that specifies a Matching URL resource type, the user must be allowed to use a browser as an access method. On the Advanced tab, in the Access method restrictions area, make sure that the Client software agents are either set to Any, or that Web browser is among the selected agents.
  8. Click Finish.

    • Some Web-based applications automatically redirect users to other Web pages. Be certain to use the target URL address (the Web page to which users are redirected) when configuring the appliance to block email attachments. See Example: Working with a URL Redirect for more information.

    • You cannot configure a Matching URL resource to block attachments for users who connect to the appliance using OnDemand Tunnel or Connect Tunnel.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.