Skip to main content
edoutreleau
edoutreleau
New Member
April 8, 2016
Question

how to block flash content?

  • April 8, 2016
  • 1 reply
  • 4759 views

Hi

 

Is there a away to block on fortinet all flash content?

    1 reply

    AndreaSoliva
    AndreaSoliva
    New Member
    April 12, 2016

    Hi

     

    what you can do is blocking on mime base which means:

     

    Check the mime header of flash with wireshark like following example for youtube:

     

           Hypertext Transfer Protocol
           HTTP/1.0 200 OK\r\n
           Request Version: HTTP/1.0
           Response Code: 200
           Server: DCLK-AdSvr\r\n
           Content-Type: video/x-ms-asf\r\n
           X-Google-Inred-Content-Type: video/x-ms-asf\r\n
           Content-Length: 410\r\n
           Content-Encoding: gzip\r\n
           Hypertext Transfer Protocol
           HTTP/1.1 200 OK\r\n
           Request Version: HTTP/1.1
           Response Code: 200
           Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n
           Content-Type: video/x-flv\r\n
           Content-Length: 200994\r\n
           Connection: close\r\n
           Content-Disposition: attachment; filename="video.flv"\r\n
           Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n
           Cache-Control: public,max-age=3600\r\n
           Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n
           Server: gvs 1.0\r\n


    For mime based blocking use the Content-Type information in our example:

           Content-Type: video/x-ms-asf\r\n
           Content-Type: video/x-flv\r\n

    Configure a content-header for our example like following (you have to uncomment special character on regex based which means \\ does uncomment "/"):

          # config webfilter content-header
          # edit [Use a proper Integer for content-header example "1"]
          # set comment [Use a description exmaple "Block Video"]
          # config entries
          # edit "video\\/.*"
          # set action [allow | block | exempt]
          # next
          # end
          # set name [Name for "content-header" example "video-audio-block"]
          # next
          # end

    This content header can be afterwards used in webfiler profile:

          # config webfilter profile
          # edit [Name of WebFilter Profiles]
          # config web
          # set content-header-list [Integer for the  "content-header" example "1"]
          # end
          # next
          # end

    After that use the webfilter in the correspoding Policy Rule with the proxy profile and/or ssh sshl proxy profile for encrpiton (HTTPS).

    hope this helps

    have fun

    Andrea

    edoutreleau
    edoutreleauAuthor
    New Member
    April 12, 2016

    thanks for your answer Andrea

    i have to look at the webfilter 

    Terms & ConditionsAccessibility statement