hi all,
I am newbie here.
I would like to get help on how to block uploading pdf file from external IP address.
will anyone help?
thanks
First, PDF is not in the default list of firewall layer 7 protocol matchers, so it must be created:
/ip firewall layer7-protocol
add name=PDF regexp="%PDF-1\\.[0123456]"
Next, you must use this matcher in a firewall filter rule and I’m not sure exactly which direction you view as uploading or external, so adjust the following as necessary:
/ip firewall filter
add action=drop chain=forward in-interface=ether1 disabled=no layer7-protocol=PDF
Note that I have it in the forward chain because the layer-7 filter must be able to examine both sides of the connection (first 10 packets or 2kb).
This is not foolproof, as layer-7 filters only examine each connection. If the connection is made for multiple file transfers and the PDF is not in the first 10 packets/2kb of the connection, the connection would not be dropped and no further examination will be made.
thanks so much
i ll give it a try