Best practice for http-proxy content types
Hello.
I've got a question for you about the content types in HTTP proxies.
Which content types are safe, so that I can set them to Allow? The result should be a good combination of maximum security and maximum performance.
For the moment I allow
application/xml
audio/*
font/*
image/*
message/*
multipart/*
text/*
application/x-rtsp-tunneled
application/pdf
application/x-javascript
application/httpd/*
httpd/*
application/oscp-response
application/json
application/*
Default value here is Scan.
Thanks in advance for your answers.
Regards
Dirk Emmermacher
Answers
I gave up trying to block most Content Types.
I have a general allow list, based on the old WG defaults from years ago
(WatchGuard recommended standard configuration for HTTP-Client with logging enabled).
I allow everything else and AV scan them, with a few Deny exceptions.
I haven't reviewed my settings for these in years.
My deny exceptions:
application/dns-message
Java-1
Java-2
My allow list - with no AV scan on some of my HTTP proxy actions - others have no allowed non-AV scanned Content Types:
text/*
image/*
audio/*
application/pdf
application/x-javascript
application/x-shockwave-flash
application/xml
application/x-httpd-*
application/httpd/*
httpd/*
application/x-rtsp-tunneled
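The layered policy described in the answer above (deny exceptions, a short allow list that skips AV, AV scan for everything else), as an added example that is not part of the original posts and is not WatchGuard's rule engine. The evaluation order, the action labels and the function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Lists copied from the answer above; Java-1 and Java-2 are left out because
# the thread does not give their match patterns.
DENY = ["application/dns-message"]
ALLOW_NO_SCAN = [
    "text/*", "image/*", "audio/*", "application/pdf",
    "application/x-javascript", "application/x-shockwave-flash",
    "application/xml", "application/x-httpd-*", "application/httpd/*",
    "httpd/*", "application/x-rtsp-tunneled",
]

def media_type(header):
    """Reduce a Content-Type header value to a lowercase type/subtype, or None."""
    if not header:
        return None
    value = header.split(";", 1)[0].strip().lower()
    main, sep, sub = value.partition("/")
    return value if sep and main and sub and " " not in value else None

def decide(header, deny=DENY, allow=ALLOW_NO_SCAN):
    """Assumed order: deny exceptions, then allow list, then AV scan for the rest."""
    mtype = media_type(header)
    if mtype is None:
        return "av-scan"  # missing or malformed header never skips scanning
    if any(fnmatchcase(mtype, p) for p in deny):
        return "deny"
    if any(fnmatchcase(mtype, p) for p in allow):
        return "allow"
    return "av-scan"

def covered_by_wildcard(patterns):
    """Map each pattern to a broader pattern in the same list that already matches it."""
    return {p: q for p in patterns for q in patterns
            if p != q and fnmatchcase(p, q)}

if __name__ == "__main__":
    # Constructed sample header values.
    for h in ["text/html; charset=UTF-8", "Application/PDF", "application/dns-message",
              "application/zip", "application/x-httpd-php", "", "garbage"]:
        print(repr(h), "->", decide(h))
    # An allow list containing application/* already covers its specific entries:
    print(covered_by_wildcard(["application/xml", "application/pdf",
                               "application/json", "application/*", "text/*"]))
```

The Content-Type value is chosen by the responding server, so every pattern on a no-scan allow list exempts whatever a server labels that way from AV; a broad entry such as `application/*` extends that exemption to the whole family.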
Hello Bruce.
Thanks for your answer. I followed your recommendation. I searched for these old WatchGuard defaults. I didn't find them.
Have a nice weekend and stay healthy
Best regards from Germany
Dirk
The only source that I know of for default settings is what is shown on a new policy, such as in Policy Manager.
The current defaults have totally new names for the allowed content, most of them beginning with "All".
My policies go way back, so I'm not sure when the changes were made for the new "All" defaults for Content Types.