Media type filtering rules are implemented on Secure Web Gateway to filter web traffic based on media types. You can work with the default rules and also create rules of your own.
In the following, it is explained how a rule for media type filtering works that you can create using the Rule Builder. It is intended for use in a scenario like this:
A user sends a request to download a file of the archive media type from a web server. The request is redirected to Secure Web Gateway, where it is filtered.
If the request is allowed by the rules for the request cycle of the filtering process, it is forwarded to the web server. The web server sends the file to Secure Web Gateway in response to the request.
- In the response cycle, which is then performed, the rule shown below is processed. Its purpose is to block any attempts by users to download archive files.
If the file that the web server sent in response to the user's request is of the archive type, it is not passed on to the user. This means that the user's request is blocked. A block notification is sent to the user instead of the requested file.
To explain how this rule works, its elements are considered. These include criteria, operator, and value, which make up the rule condition, and the rule action, which is executed if the condition matches.
As adding an event to a rule is optional, this element is not considered here.
Criteria — Ensured media types
The Ensured media types criteria is processed to find out what the media type of the file is. The result is a list of media types in MIME format, as more than only one media type can be found for a file.
To find the media type or types, the magic bytes and other signatures of the file are evaluated. A media type is only included in the list if it is ensured with a high probability that the file is of this type.
In the scenario described above, the user has requested a file of the archive type and a web server has sent this file in response. The list that is the result of processing this criteria will therefore include the archive media type among its items.
For more information about this criteria, see List of Criteria for Media Type Filtering.
Operator — contains
Use of the contains operator means that for the rule condition to match, the Ensured media types list must contain the media type specified as the value of this condition.
Value — application/archives
The application/archives value specifies the media type that must be contained in the Ensured media types list for the rule condition to match. The value is specified in MIME type format, which is required, as this is also the format of the items in the Ensured media types list.
In the scenario for this rule, the application/archives media type is contained in the Ensured media types list. This means that the rule condition matches.
Action — Block request
The Block request action is executed if the rule condition matches. In this scenario, the rule condition matches, so the Block request action is executed.
The block notification that is sent to the user instead of the requested archive is configured as setting of the Block request action. It is the MediaType (Blocklist) setting.