HTTPS contntion Inspection Ignores Body Content Type
OK So I have a simple HTTPS Proxy, which is used on my network. I have enabled Content Inspection for both domain names and Webblocker.
For both Contention Inspection and Webblocker I have it set If no action "Inspect" and chose the proxy action "HTTP-Client.1" which is the same used in my HTTP Proxy and this works ok and blocks files.
In my Body Content Types I have
But upon testing this on random http sites, I find users can download zips and exes without issue. Checking the Logs/traffic monitor it shows the correct proxy names, it just seems to ignore the content types. It is definitely using this proxy aswell as I can make changes to things like line lengths, and if I try access blocked webblocker pages I get the correct Deny messages taken from this proxy action screen.
Any suggestions?
Comments
I have turned it all off, not worth the hassle. 99% of websites don't function with it enabled, you have to add allow exceptions, I found users are ringing every second saying they can't use a particular website, and in some cases even with an allow exclusion they don't function. just a ball ache.
HTTP sites need to use a HTTP proxy.
Content type checking is based on the hex chars at the beginning of the file.
Perhaps the file doesn't match the hex string.
I have added a genereic .exe with a pattern match of %0x4d5a%*
You can also block based on URL paths - such as *.zip
Works fine here. Can you give us a link to get the EXE that gets "ignored"? I'd like to test it myself.