Best pratice for http-proxy content types
I've got a question about the content types in http-proxies to you.
What content types are save, that I can set it to allow? The result should be a well combination to maximum security with maximum performance.
For the moment I allow
Default value here is Scan.
Thanks in advance for your answers.
Sign In to comment.
I gave up trying to block most Content Types.
I have a general allow list, based on the old WG defaults from years ago
(WatchGuard recommended standard configuration for HTTP-Client with logging enabled).
I allow everything else and AV scan them, with a few Deny exceptions.
I haven't reviewed my settings for these in years.
My deny exceptions:
My allow list - with no AV scan on some of my HTTP proxy actions - others have no allowed non-AV scanned Content Types:
Thanks for your answer. I followed your recommendation. I searched for this old Watchuard defaults. I don't found it. .
Have a nice weekend and stay healthy
Best regards from Germany
The only source that I know of for default settings are show on on a new policy, such as in Policy Manager.
The current defaults have totally new names for the allowed content, most of them beginning with "All"
My policies go way back, so I'm not sure when the changes were made for the new "All" defaults for Content Types