We would like to limit WebDAV to select servers for our ZIA users. As WebDAV is really just HTTP, how best to do this?
Our primary use case is blocking the use of WebDAV for payload delivery using native tools like msbuild.exe. In that specific scenario, we see this signature, but I can’t find a way to limit ZIA traffic based on the useragent.
OPTIONS 302 DavClnt
Could you not just block request method “other” in URL & Cloud App Control to these selected servers?
Just a late-night idea as WebDAV uses http extensions for file operations and WebDAV obviously needs methods LOCK and PROPFIND before GET. So maybe worth a try.
Based on our testing, PROPFIND is the most appropriate method, but I don’t seem to have it as an option under URL Filtering, only “OTHER”. That works, but it seems like a very blunt instrument.
Cloud App control doesn’t seem like a good fit because I want to do this globally. Adversaries’ WebDAV sites will probably not fit inside an existing app definition.
Copyright 2008-2020 Zscaler™, Inc.Zscaler™, SHIFT™, Direct-to-Cloud™, ZPA™, and The Cloud-First Architect™ are trademarks or registered trademarks of Zscaler, Inc.in the United States and/or other countries. All other trademarks are the property of their respective owners.