Re: IPS Content filtering techniques

[ArkanoiD <ark () eltex net>]

Well, what's the purpose of getting those null data through?
Why do you need it?

On Wed, Aug 15, 2007 at 03:35:24PM +0200, Skough Axel U/IT-S wrote:
> Does really nobody know anything about a Web proxy product filtering on MIME Content-Type setting and capable to omit 
> this check when the MIME Content-Length setting in force appears to be zero? The RFC 2616 states that the 
> Content-Type header statement can be omitted in this situation and, indeed, it has no meaning as the data section is 
> declared to be of length zero.
>
> Otherwise the data section should of course be in general be assumed to be of type "application/octet-stream" but 
> when no data section is present it is obviously no problem in bypassing the Content-Type check! Thus, there are no 
> data to prevent entering for in this situation, but the packet in force may have othre meanings such as redirect etc.
>
> I would appreciate any comments in this matter! 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards