Firewall Wizards mailing list archives
Re: File type filtering (Was: Firewall Solution - 50 Users on SDSL Connection)
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Sun, 05 Oct 2003 16:55:15 +0200
Paul Robertson wrote:
[file extension filtering...] Best done at the application layer - the mail server, and a Web proxy if that's appropriate (MIME type filtering is probably the more current capability.) I'd probably hack up Apache's mod_proxy or the fwtk's http-gw to get it to do it.
*meep* Everything Microsoft ignores mime type. It looks at the extension first, and *then* at the mime type. To make matters even worse, it also looks at magic bytes INSIDE files if it doesn't recognize the file extension (and mime type? I'm unsure here..). Try it yourself: save a Word document, close Word, rename the file extension from ".doc" to ".foobar". Double click the file.

Hence, if you have Microsoft boxen in your network, the only reliable solution is whitelisting; deny everything, then allow the cross section of allowed mime types AND file extensions. By cross section I mean that the mime type has to be good AS WELL AS the extension.

Yes, this sucks immensely when you want to receive files without extension, which often happens under *nix.

Actually, the situation improves somewhat if you stay away from IE and Outlook. Netscape/Mozilla and various other apps obey the mime type before the extension, which is a Good Thing. But you shouldn't be using IE/Outlook to begin with if you want any level of security ... right?

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
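The default-deny "cross section" check described in the message above, as an added example that is not part of the original post. The policy table, function names and sample values are constructed for illustration, and the check is slightly stricter than the message asks: the extension must be one whitelisted for that particular MIME type, not just any whitelisted extension.

```python
import os

# Constructed policy: each allowed MIME type maps to the extensions accepted with it.
ALLOWED = {
    "application/pdf": {".pdf"},
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
    "text/plain": {".txt"},
}

def extension_of(filename):
    """Return the lower-cased final extension, or '' if there is none."""
    # Drop any path component, then trailing dots and spaces, which
    # Windows strips from file names before resolving the extension.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return os.path.splitext(name)[1].lower()

def mime_of(content_type):
    """Strip parameters such as '; charset=...' and normalise case."""
    return content_type.split(";", 1)[0].strip().lower()

def allow(filename, content_type):
    """Default deny: pass only when the MIME type is whitelisted AND the
    extension is one of those whitelisted for that MIME type."""
    ext = extension_of(filename)
    if not ext:
        # Files without an extension are rejected, the cost noted in the message.
        return False
    return ext in ALLOWED.get(mime_of(content_type), set())

# Constructed sample attachments: (filename, declared Content-Type)
SAMPLES = [
    ("report.pdf", "Application/PDF; name=report.pdf"),
    ("invoice.pdf.exe", "application/pdf"),
    ("setup.exe. ", "image/png"),
    ("notes.foobar", "application/msword"),
    ("report.pdf", "application/octet-stream"),
    ("README", "text/plain"),
]

if __name__ == "__main__":
    for name, ctype in SAMPLES:
        print("ALLOW" if allow(name, ctype) else "DENY ", repr(name), ctype)
```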