The following sections provide more information about media type filtering, including dependencies and a DLP scanning bypass for media types.
Position of a Rule Set for Media Type Filtering on the Policy Tree
There are some dependencies for media type filtering, which need to be considered before choosing a position for a rule set with media type filtering rules on the policy tree of your web policy.
HTTPS scanning must be performed to decrypt HTTPS traffic before media types can be found in this traffic and media type filtering can be performed on them.
- Content inspection must be performed to open composite objects with embedded objects inside before media types can be found for these objects and media type filtering can be performed on them.
For this reason, a media type filtering rule set should be placed after the rule sets for HTTP scanning and content inspection on the policy tree. This is observed for the default rule sets of Secure Web Gateway, as the following illustration shows.
DLP Scanning Bypass for Media Types
DLP scanning is performed as part of the filtering process for your web policy. You can enter media types in a bypass list to ensure that requests to access these media types are not scanned.
For more information, including information about how to work around a restriction when using this bypass list, see Configuring Media Types to Bypass DLP Scanning.