This document describes how to prevent attachment of a file to a Gmail email.
Cisco recommends that:
HTTPS proxy is enabled
Data security filters are enabled
The information in this document is based on the Cisco Web Security Appliance (WSA), AsyncOS version 7.1.x and later.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Gmail supports both HTTP and HTTPS.
This is controlled per user under Settings > General > Browser Connection in Gmail's user interface.
If Gmail is configured to use HTTPS, then in order to control uploads on Gmail, you need to utilize Decryption Policies on the WSA.
First, in order to simplify the setup, you should test HTTP connections on Gmail. As an example, these steps show you how to block users from uploading a PDF file.
Sign in to your Gmail account and navigate to Settings > General > Browser Connection.
Set this option to Don't always use https.
Once saved, sign out and sign back in. You should notice that your address bar now shows http://.
Choose Web Security Manager > Data Security.
Click Content for the respective Data Security Policy.
Since you want to block PDF, click Document Types under Block File Types.
Click the Portable Document Format (PDF) check box.
Once done, submit and commit the changes.
In order to troubleshoot, enable Data Security Logsunder System Administration > Log Subscription.