The web filtering by MIME content header feature may be enabled on listed FortiOS firmware versions.
This feature may prove useful in some scenarios, for example to exempt audio streaming files from antivirus scanning (to avoid buffering on the FortiGate unit), or to block video streaming files for end users.
Scanning of these file types can be problematic, as those files often do not have a pre-determined file size. This can cause the FortiGate unit to buffer a large amount of data, without being able to perform any scan.
The content header list is configurable in the CLI only.
For other details, please refer to the FortiGate CLI reference guides at http://docs.fortinet.com .
Hypertext Transfer Protocol
HTTP/1.0 200 OK\r\n
Request Version: HTTP/1.0
Response Code: 200
Server: DCLK-AdSvr\r\n
Content-Type: video/x-ms-asf\r\n
X-Google-Inred-Content-Type: video/x-ms-asf\r\n
Content-Length: 410\r\n
Content-Encoding: gzip\r\n
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Request Version: HTTP/1.1
Response Code: 200
Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n
Content-Type: video/x-flv\r\n
Content-Length: 200994\r\n
Connection: close\r\n
Content-Disposition: attachment; filename="video.flv"\r\n
Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n
Cache-Control: public,max-age=3600\r\n
Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n
Server: gvs 1.0\r\n
config webfilter content-header
edit 1
set comment ''
config entries
edit "video\\/.*"
set action block
next
edit "audio\\/.*"
set action exempt
next
end
set name "weblist-01"
next
end
config webfilter profile edit "web" set comment " " config web set content-header-list 1 end next end |
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.