usually add a Content-Type header that contains a MIME/type definition for the
type of content in each file that the web server serves to users. Web servers
serve many different types of content. For example, standard HTML is assigned
the "text/html" MIME type. JPG images are assigned the "image/jpeg" or
"image/jpg" content type. A normal web server can serve dozens or hundreds of
different types of content, all defined in the Content-Type header by an
firewall filtering rules are designed to filter specific types of content.
Because filtering rules that apply to one type of content (such as HTML) are
often inappropriate when filtering a different type of content (such as
images), the application firewall attempts to determine the content type of
requests and responses before it filters them. When a web server or browser
does not add a Content-Type header to a request or response, the application
firewall applies a default content type to the connection and filters the
content type is normally "application/octet-stream", the most generic MIME/type
definition. This MIME/type is appropriate for any type of content that a web
server is likely to serve, but it gives the application firewall little
information for choosing appropriate filtering. If a
protected web server on your network is configured to add accurate content type
headers to the content it serves, or serves only one type of content, you can
create a profile for that web server and assign a different default content
type to it to improve both the speed and the accuracy of filtering.
You can also
configure a list of allowed response content types for a specific profile. When
this feature is configured, if the application firewall filters a response that
does not match one of the allowed content types, it blocks the response.
always be of either the "application/x-www-form-urlencoded" or
"multipart/form-data" types. The application firewall bypasses any request that
has any other content type designated.
Note: You cannot
include the "application/x-www-form-urlencoded" or "multipart/form-data"
content types on the allowed response content types list.
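
The default content type and the allowed response content types list described above can be modelled as follows. This is an added example, not the application firewall's own code: `Profile`, `media_type` and `response_decision` are hypothetical names, and stripping header parameters, matching case-insensitively and treating a malformed header as missing are assumptions.

```python
from dataclasses import dataclass, field

# Content types the note above says cannot be on the allowed response list.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data"}


def media_type(header_value):
    """Return the bare lower-cased type/subtype, or None if absent or malformed."""
    if not header_value:
        return None
    bare = header_value.split(";", 1)[0].strip().lower()  # drop "; charset=..."
    major, sep, minor = bare.partition("/")
    return bare if sep and major and minor else None


@dataclass
class Profile:  # hypothetical model of a per-server profile
    default_type: str = "application/octet-stream"
    allowed_response_types: set = field(default_factory=set)

    def __post_init__(self):
        self.allowed_response_types = {t.lower() for t in self.allowed_response_types}
        bad = self.allowed_response_types & FORM_TYPES
        if bad:
            raise ValueError(f"not valid on the response list: {sorted(bad)}")


def response_decision(headers, profile):
    """Return (effective_type, action) for one response's headers."""
    names = {k.lower(): v for k, v in headers.items()}
    # Assumption: a missing or malformed header falls back to the profile default.
    effective = media_type(names.get("content-type")) or profile.default_type
    # An empty list models "feature not configured": nothing is blocked here.
    if profile.allowed_response_types and effective not in profile.allowed_response_types:
        return effective, "block"
    return effective, "filter"


# Constructed sample responses for a server that serves only HTML and JPEG.
profile = Profile(default_type="text/html",
                  allowed_response_types={"text/html", "image/jpeg"})
SAMPLES = [
    {"Content-Type": "text/html; charset=UTF-8"},
    {},                                   # header missing: default applies
    {"content-type": "application/pdf"},  # not on the allowed list
]
if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", response_decision(h, profile))
```
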