tech.safesquid.com

The Problem : When I was trying to do checkpoint 5 from basic client scenarios (Upload Control). The task was to block uploading from all the websites except for a list of websites (I gave them Exception category) Following are the policies and profiles I made for the same.
DLP policy :
However after this when I opened images.google.com and tried to upload any image It was blocked by safesquid.

When I tried to upload file on wetransfer.com It uploaded successfully eventhough it wasn't in exception category Then I checked in the detailed logs and found that images.google.com was using the "file upload" request types. However, wetransfer.com was not using the "file upload" Request type :

To solve the same I created a custom request type for wetransfer and under content type I used application/json which was seen in the detailed logs. My policies and profile after creating custom request type : And after this when I tried uploading on wetransfer.com it didn't go through and I got the following error and when I placed wetransfer.com in EXCEPTION category I was able to upload file. I just wanted to ask you if this is the correct way to solve the problem?

Hello Sakshi,

There is a lot of flaws in finding the Root Cause of the Problem...
If you look closely not all images.google.com will have File Upload as `Request Type` Added
i.e Not all Request to any website will be having File Upload

Secondly, why did you add Content-Type: application/json as wetranfer.
How did you come to the conclusion that adding that will help?

By going with the current policy a lot other web application will not work regardless whether File Upload is happening or not.

I found in detail logs that wetransfer.com was using Content-Type : application/json when I uploaded any file to it.
To limit the request type to only wetransfer.com I added wetransfer.com to the host of the request type so that other web application using the application/json will not get blocked.