I have taken steps to prevent software from being downloaded from the Internet as it was being abused by students. This was implemented using ISA 2006's Content Type filter condition "Application". Amongst many other MIME types it included application\octet-stream.
This hasn't proven a problem for the most part, most web-servers provide a less generic content-type for productivity application type documents. There is one web-site however which appears to return the Content-Type: application\octet-stream for a redirect page. You can see this using Fiddler2 and going to the Brighton University home page then clicking Student Central, this redirects to the HTTPS site that hosts the Student Central Portal.
I suspect this is a miss-configuration on the server and the workaround (go directly to the SSL site) works; however I have a couple of questions:
- Is it effective to block "application\octet-stream" are there many web-servers which actually use application\octet-stream as a Content-Type for executable content. I can't seem to use ISA server to report on Content-Types.
- Is there a rational reason why "application\octet-stream" would be used as a Content-Type for a redirection, the only thing I can think of is some old browsers older versions of IE and Netscape can't handle application\octet-stream and thus won't process the re-direct... this would seem like a poor substitute for browser detection and redirection.
Any further thoughts appreciated.
It seems that some webservers still deliver javascript and css as octet-stream data instead of setting their correct mime-types.
In this case, I wonder if the Blackboard VLE on that site has something to do with it?
Or is it setting application\octet-stream for sending some SSL data prior to changing to a SSL connection to the web server?
According to an old microsoft KB article, some webservers encode 302 redirects as application\octet-stream. It doesn't say why though...
I've seen all sorts of web servers publish content with the MIME type of application\octet-stream. The most bizarre was the delete button in a web mail application. Have you heard back from any students as to what the side-effects have been? Or has nobody noticed? Are you concerned with bandwidth usage or is it more what they're doing with the content once it has been downloaded? I'm asking because if they're installing software on campus workstations then another option would be to control usage via active directory.
Can you give us more information on what you want to prevent and why?
As far as your questions:
1) I would think it would be effective but it will most likely have many side-effects.
2) I didn't think this was possible as MIME types are assigned per application extension... not but internal function. For example, why would a MIME type care about what takes place within an html document?
I don't think that filtering by content type or MIME type will be effective in the long run, as nothing forces them to be set correctly for a website to work. Thus, lazy site designers have little incentive to correct them.
A better option would be to set up a proxy server such as squid between your students and the internet that blocks certain executable filetypes like .exe|.bin|.com|.bat|.cab and .zip files that contain them.
application/*
, despite it's name, is not used just for 'Applications'. Your approach is breaking Postal's Law