Re: ACL to block installation program


I am in a policy enforcement role, and our policy making / auditing team approached me about why they could download a jar file from a site that was not explicitly allowed to provide java content (i.e. not on the whitelist).  It was because of the mime type not being accurate.

On Apr 10, 2015 1:40 PM, "Yuri Voinov" <yvoinov@xxxxxxxxx> wrote:

Such an idea would never have occurred to me. The man asked, I answered. I know what you're talking about, and I would use an ACL on the URL for this.

10.04.15 23:32, brendan kearney wrote:
> Be warned...  a web server can be configured to send an arbitrary mime type
> for any file.  You may find .jar files with a mime type of html/text.  Also
> zipping a jar circumvents this check.  Some ICAP servers have a "true
> content type" check that does not rely on the headers which can be forged,
> but actually looks at the file that was requested.
> On Apr 10, 2015 5:00 AM, "Yuri Voinov" <yvoinov@xxxxxxxxx> wrote:
>
>>
> http://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes
>
>
> 10.04.15 14:48, Fiorenza Meini wrote:
> >>> Hi,
> >>> is there a way to filter and block update programs which come from
> Internet, for example java update or windows update, without using the
> url of the web site, but working with header/mime types?
> >>>
> >>> Thanks and regards
> >>>
> >>> Fiorenza Meini
>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
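
The "true content type" check mentioned in the thread, sketched as an added example that is not part of the original messages and not code from Squid or any ICAP product: it classifies a response body by its bytes and applies the whitelist decision regardless of the declared header, including the zipped-jar case. The function names, the size cap and the sample data are assumptions made for illustration.

```python
import io
import zipfile

MAX_NESTED = 5 * 1024 * 1024  # assumed cap on nested members we unpack (zip-bomb guard)
JAVA_TYPES = ("application/java-archive", "application/x-java-archive")

def sniff(body: bytes, depth: int = 0) -> str:
    """Classify a body by content: 'jar', 'zip', 'unreadable-zip' or 'other'."""
    if not body.startswith(b"PK\x03\x04"):      # ZIP local file header magic
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            for info in zf.infolist():
                name = info.filename
                if name == "META-INF/MANIFEST.MF" or name.endswith(".class"):
                    return "jar"
                nested = name.lower().endswith((".jar", ".zip"))
                # One level of nesting covers the "zipped jar" case from the thread.
                if nested and depth == 0 and info.file_size <= MAX_NESTED:
                    if sniff(zf.read(info), depth + 1) == "jar":
                        return "jar"
    except (zipfile.BadZipFile, RuntimeError):  # truncated or encrypted archive
        return "unreadable-zip"
    return "zip"

def decide(host_whitelisted: bool, declared_type: str, body: bytes) -> str:
    """Return 'block' for Java content from a non-whitelisted host, else 'allow'."""
    declared_java = declared_type.split(";")[0].strip().lower() in JAVA_TYPES
    if (declared_java or sniff(body) == "jar") and not host_whitelisted:
        return "block"
    return "allow"

def make_zip(members: dict) -> bytes:
    """Build a constructed in-memory ZIP for the sample inputs below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a minimal jar, and the same jar wrapped in a zip.
JAR = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                "A.class": b"\xca\xfe\xba\xbe"})
ZIPPED_JAR = make_zip({"update.jar": JAR})

if __name__ == "__main__":
    print(decide(False, "text/html", JAR))          # a header-only ACL would pass this
    print(decide(False, "application/zip", ZIPPED_JAR))
    print(decide(False, "text/html", b"<html></html>"))
```

A check like this has to see the response body, so it belongs in a content-adaptation service such as ICAP rather than in a header-matching ACL.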
