Example: Blocking Email Attachments
Your organization may need to restrict access to sensitive data for users working from an unmanaged or
untrusted public system. For example, you may want to allow users to view email messages, but prevent them
from downloading email attachments that could be left behind on the computer and accessible to unauthorized
The following example demonstrates how to use an access control rule, together with a Matching URL resource
and End Point Control zone, to block attachments from being downloaded to untrusted devices. For an overview
of access control, see Access Control Rules.
The example assumes that you have an EPC zone configured (named Untrusted in this example) into which
devices that are not IT-managed are classified; see Managing EPC with Zones and Device Profiles for information
about configuring and using zones.
To block email attachments using a Matching URL resource
In the AMC, navigate to Security Administration > Access Control.
Click the + (New) icon.
The Add Access Rule page displays.
In the Position field, type a number to specify the rule’s position in the access rule list.
Use the Action buttons to specify Deny.
This will deny users access to any resource that matches the pattern you specify in the next step.
Complete the information under Basic settings:
Leave User selected (so that the rule users trying to access a resource).
The From field specifies the users to whom the rule applies. For this example, leave the value as Any user.
In the To field, click Edit to specify the target resource for this rule.
A Resources window appears.
Click New, and then select Matching URL.
The Add Resource - Matching URL page displays.
Type a name for the resource. For example,
Block email attachments.
In the URL box, type the URL address of your mail server.
In the Path and query string matching area, select Exchange/OWA attachments from the Type of match list.
- In the End Point Control zones area, click Edit to select the zone from which you will deny access to the
- When you create a rule that specifies a Matching URL resource type, the user must be allowed to use a
browser as an access method. On the Advanced tab, in the Access method restrictions area, make sure
that the Client software agents are either set to Any, or that Web browser is among the selected agents.
Some Web-based applications automatically redirect users to other Web pages. Be certain to use the target URL address (the Web page to which users are redirected) when configuring the appliance to block email attachments. See Example: Working with a URL Redirect for more information.
You cannot configure a Matching URL resource to block attachments for users who connect to the appliance using OnDemand Tunnel or Connect Tunnel.
Was This Article Helpful?
Help us to improve our support portal