file format filter

Hi, I'm working in a public library, I want to allow users using IE to download from the internet only certains file formats. I want user can download only .doc or .pdf or .txt files. What's the most easy way?

Is "file name url checking" pertinent to my problem?

Thanks a lot Francesco

Reply to
Francesco
Loading thread data ...

Have your firewall appliance block downloads from HTTP sessions except for the types that you want to permit.

Reply to
Leythos

No, your problem is IE. It doesn't care for filenames or MIME types.

Generally, it's a stupid idea to download any content with IE from an untrusted network because this is trivially insecure. Don't misuse it as a webbrowser!

Reply to
Sebastian Gottschalk

Don't do this. Just use another browser.

This will be difficult. But perhaps you want to explain us, why you're wanting this and what's in your mind about that.

Yours, VB.

Reply to
Volker Birk

That won't help, due to IE's infamous MIME sniffing. Let the content type be text/plain, the file ending .jpg and a at the beginning will still trigger HTML rendering.

Reply to
Sebastian Gottschalk

Some devices like a FortiGate can block http downloads of any particular file name you want -- including mail and ftp, by the way.

This counter example you cite, is it a specially engineered file intended to circumvent this protection? I'm not sure that's what Francesco is worried about, whether or not there is still a theoretical way to bypass the protection, but rather to prevent the general downloading of stuff by the partially literate uses that comprise the audience at the library's public access systems -- since it's such a simplistic way to control the network, I'm sure it's seen as just a broad strokes attempt to reduce the overall exposure. Although it's useful to understand the ways in which one's protections can be bypassed.

That said, do you have (or can you post) and example of such an engineered file? I'm curious to do some testing with it.

-Russ.

Reply to
Somebody.

This is an issue with the server-side configuration of MIME types. I've seen a lot of webservers sending .rar files als text/plain.

Reply to
Sebastian Gottschalk

Any examples? So I can do some tests?

I don't imagine any credible device would be fooled, but I'd love to see....

-Russ.

Reply to
Somebody.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.