Download Restriction Policy Configuration Guide
The Download Restriction Policy in Ulaa Enterprise helps organizations prevent unauthorized or risky file downloads by enforcing restrictions based on:
- File Size
- Website URL/Download URL
- MIME Type (File Type)
Using this policy, administrators can block downloads from specific websites, restrict certain file types, or prevent downloads that exceed a specified file size.
Prerequisites
- Ulaa Enterprise Admin access.
- Ulaa v2.27.0 or higher.
Navigate to Download Restrictions
- Sign in to your Ulaa Enterprise Admin Console.
- Click Switch to the Organization in the top-right corner (skip this step if you are already in the Organization view).
- Go to: Policies → Data Leak Prevention (DLP) → Download Restrictions. You will see the Download Restrictions policy page. This page allows administrators to manage blocked and exception download rules.
Create a Download Restriction Configuration
Before applying a policy to users or devices, you must first create a download restriction rule. A download restriction rule defines the conditions under which file downloads should be blocked. You can create rules based on file size, website URL, and file type (MIME type), and then apply those rules to specific device or user groups.
To open configure Download Rules,
- Click the Configure Download Rules button.
- The Configure Download Rules panel will appear, displaying all existing download restriction rules.
- Click the Add Rule button located in the top-right corner.
- Enter a meaningful Rule Name that describes the purpose of the restriction.For example:
- Block Social Media Downloads
- Restrict Large File Downloads
- Block Image Downloads from External Sites
- Prevent Video Downloads
Add Restriction Conditions
You can configure one or more conditions depending on your requirements. Each condition consists of:
A Rule Type
An Operator
A Value
Click the condition dropdown and choose the required rule type.
Restrict by File Size
Use this option to block downloads based on their file size.
Example:
Block files larger than 10 MB.
| Field | Value |
|---|---|
| Rule Type | File Size |
| Operator | GREATER THAN |
| Value | 10 MB |
Supported Operators:
- GREATER THAN
- LESS THAN
- EQUALS
- NOT EQUALS
Restrict by Website URL
Use this option to block downloads originating from specific websites or domains.
Examples:
To block downloads from: facebook.com and instagram.com
| Field | Value |
|---|---|
| Rule Type | URL |
| Operator | MATCHES |
| Value | facebook.com, instagram.com |
Supported Operators:
- MATCHES
- NOT MATCHES
You may specify multiple domains or URL patterns within the same condition.
Restrict by File Type (MIME Type)
Use this option to block downloads of specific file types.
Examples:
image/*
video/*
audio/*
application/*
text/*
Specific MIME types can also be configured:
image/png
application/pdf
video/mp4
text/plain
| Field | Value |
|---|---|
| Rule Type | MIME |
| Operator | CONTAINS |
| Value | image/* |
Supported Operators:
- CONTAINS
- NOT CONTAINS
Define Rule Logic (AND / OR)
When multiple conditions are added, choose how they should be evaluated.
AND
All configured conditions must be satisfied before the download is blocked.
Example:
File Size > 10 MB
AND
URL = facebook.com
AND
MIME = image/*
The download will be blocked only if all three conditions match.
OR
Any one of the configured conditions can trigger the restriction.
Example:
File Size > 10 MB
OR
URL = facebook.com
OR
MIME = image/*
The download will be blocked if any one condition matches.
Review the Configuration
Before saving, verify:
✅ Rule name is correct
✅ Required conditions have been added
✅ AND/OR logic is configured properly
✅ File size, URL patterns, and MIME types are entered correctly
Save the Rule
Click the Save button located at the bottom-right corner of the window.
The newly created configuration will now appear in the Rules List under Configure Download Rules.
The configuration is now ready to be assigned to device groups or user groups from the Download Restrictions page.
Note: Creating a Download Restriction Configuration only defines the rule. The configuration will not take effect until it is assigned to one or more device/user groups using the Add button on the Download Restrictions page.
Apply the Download Restriction Policy
- After creating the configuration: Return to: Policies → Data Leak Prevention (DLP) → Download Restrictions
- Click the Add button.
- Assign Rule to Device/User Groups. You will be prompted to:
- Select one or more Device/User Groups
- Select the previously created Download Restriction Configuration
- Click Save. The policy will now be enforced for the selected groups.
Policy Precedence and Exceptions
When a user belongs to multiple groups, all applicable download restriction policies from those groups are evaluated together.
For example:
- Group A blocks downloads from facebook.com
- Group B blocks downloads from instagram.com
- A user belonging to both groups will have downloads from both websites blocked.
If an Exception Policy is later configured to allow downloads from facebook.com and assigned to another group that the same user belongs to, the exception will take precedence.
As a result:
As a result:
- Downloads from facebook.com will be allowed
- Downloads from instagram.com will continue to be blockedNote: Exception policies always override matching block rules. Any block rules that do not have a corresponding exception will continue to be enforced.
Best Practices
- Use AND conditions for precise restrictions.
- Use OR conditions for broader protection.
- Apply policies initially to a test group before organization-wide deployment.
- Regularly review blocked downloads and adjust rules as needed.
- Use MIME-based restrictions to prevent downloads of potentially sensitive or risky file types.
For any additional questions or assistance with Ulaa Enterprise policies, please contact: enterprisesupport@ulaabrowser.com
Related Articles
Upload Restriction Policy Configuration Guide
The Upload Restriction Policy in Ulaa Enterprise helps organizations prevent unauthorized or risky file uploads by enforcing restrictions based on: File Size Website URL/Upload URL MIME Type (File Type) Using this policy, administrators can block ...Watermark Policy Configuration and Deployment Guide
The Watermark Policy in Ulaa Enterprise helps organizations protect sensitive information by displaying customizable text or image-based watermarks on specified websites. Dynamic placeholders can be used to automatically display user, device, ...URL pattern for Site Restrictions
URL patterns must be defined for multiple policies to indicate their applicable URLs. These patterns adhere to the following rules. Valid patterns 1. “*” This pattern matches any URL, with any scheme, port, and path. 2. “scheme://domains:port/path” ...Clipboard Restrictions - What is it?
Clipboard Restriction allows you to control how users copy and paste content within the browser. This helps prevent sensitive data from being copied out or pasted into unauthorized websites or applications. There are two lists you can use: 1. Blocked ...Field Value Validation Examples in Proxy Settings Policy
The following are valid and invalid field value examples for ProxyBypassList, ProxyServer, and ProxyPacUrl in the ProxySettings policy. Proxy Bypass List Valid: *.example.com Matches all subdomains of example.com localhost Matches local hostname ...