HTTPS contntion Inspection Ignores Body Content Type

OK So I have a simple HTTPS Proxy, which is used on my network. I have enabled Content Inspection for both domain names and Webblocker.

For both Contention Inspection and Webblocker I have it set If no action "Inspect" and chose the proxy action "HTTP-Client.1" which is the same used in my HTTP Proxy and this works ok and blocks files.

In my Body Content Types I have

But upon testing this on random http sites, I find users can download zips and exes without issue. Checking the Logs/traffic monitor it shows the correct proxy names, it just seems to ignore the content types. It is definitely using this proxy aswell as I can make changes to things like line lengths, and if I try access blocked webblocker pages I get the correct Deny messages taken from this proxy action screen.

Any suggestions?

Comments

  • I have turned it all off, not worth the hassle. 99% of websites don't function with it enabled, you have to add allow exceptions, I found users are ringing every second saying they can't use a particular website, and in some cases even with an allow exclusion they don't function. just a ball ache.

  • edited March 2023

    HTTP sites need to use a HTTP proxy.

    Content type checking is based on the hex chars at the beginning of the file.
    Perhaps the file doesn't match the hex string.
    I have added a genereic .exe with a pattern match of %0x4d5a%*

    You can also block based on URL paths - such as *.zip

  • Works fine here. Can you give us a link to get the EXE that gets "ignored"? I'd like to test it myself.

Sign In to comment.