Summary
This article explains how to setup Box.com categories to restrict what the user can do namely downloading, uploading and opening shared documents.
Note: Implementing this solution will only work on the web client, it will not work with Box.com applications.
Solution
The following will outline the procedure of how to set up custom categories to block uploading, downloading, or accessing shared files in Box.com.
- Create a new custom category in Guardian > Policy objects > Categories, named for the service you are blocking, for example, Box.com Uploads.
- Add the following to Domain/URL filtering to block the service:
- To block downloads:
public.boxcloud.com/d
dl.boxcloud.com
- To block shared documents:
app.box.com/s
- To block uploads:
upload.app.box.com
Tip: If required, you can add all three URLs above to a single custom category to block all Box.com services
- Add the newly created custom category to the Decrypt and inspect policy in Guardian > HTTPS inspection > Manage policies.
- If one does not exist, create a new HTTPS inspection policy with the Box.com custom category selected as the What, and Decrypt and inspect as the Action.
- Create a new web filter policy (Guardian > Web filter > Policy wizard) with the following attributes:
- Who Everyone*
- What Choose the custom category created in step 1
- Where Everywhere*
- When Always*
- Action Block
- Make Sure Enable Policy is selected
*You should change these based on your organizational needs.