1

I have taken steps to prevent software from being downloaded from the Internet as it was being abused by students. This was implemented using ISA 2006's Content Type filter condition "Application". Amongst many other MIME types it included application\octet-stream.

This hasn't proven a problem for the most part, most web-servers provide a less generic content-type for productivity application type documents. There is one web-site however which appears to return the Content-Type: application\octet-stream for a redirect page. You can see this using Fiddler2 and going to the Brighton University home page then clicking Student Central, this redirects to the HTTPS site that hosts the Student Central Portal.

I suspect this is a miss-configuration on the server and the workaround (go directly to the SSL site) works; however I have a couple of questions:

  1. Is it effective to block "application\octet-stream" are there many web-servers which actually use application\octet-stream as a Content-Type for executable content. I can't seem to use ISA server to report on Content-Types.
  2. Is there a rational reason why "application\octet-stream" would be used as a Content-Type for a redirection, the only thing I can think of is some old browsers older versions of IE and Netscape can't handle application\octet-stream and thus won't process the re-direct... this would seem like a poor substitute for browser detection and redirection.

Any further thoughts appreciated.

Richard Slater
  • 3,228
  • 2
  • 28
  • 42

4 Answers4

1

It seems that some webservers still deliver javascript and css as octet-stream data instead of setting their correct mime-types.

In this case, I wonder if the Blackboard VLE on that site has something to do with it?

Or is it setting application\octet-stream for sending some SSL data prior to changing to a SSL connection to the web server?

According to an old microsoft KB article, some webservers encode 302 redirects as application\octet-stream. It doesn't say why though...

Tom O'Connor
  • 27,440
  • 10
  • 72
  • 148
  • 1
    Interesting find there (got to love IT; 2004 is old) it only seems to be the HTTP re-direct page, so the KB article makes perfect sense. – Richard Slater Nov 24 '09 at 19:44
1

I've seen all sorts of web servers publish content with the MIME type of application\octet-stream. The most bizarre was the delete button in a web mail application. Have you heard back from any students as to what the side-effects have been? Or has nobody noticed? Are you concerned with bandwidth usage or is it more what they're doing with the content once it has been downloaded? I'm asking because if they're installing software on campus workstations then another option would be to control usage via active directory.

Can you give us more information on what you want to prevent and why?

As far as your questions:

1) I would think it would be effective but it will most likely have many side-effects.

2) I didn't think this was possible as MIME types are assigned per application extension... not but internal function. For example, why would a MIME type care about what takes place within an html document?

JohnyD
  • 1,614
  • 2
  • 20
  • 29
  • I block executables from being placed on any network file system almost as standard. I have tried using Software Restriction Policies, however because we are a Windows XP and Windows 2003 shop it caused too much administrative overhead when there were legitimate uses for running software of USB keys, most of the software we run is poorly written, unsigned and needs to be updated reguarly. – Richard Slater Nov 24 '09 at 19:39
  • The reason I block executables from being downloaded is we had several instances of students going to less reputable sites downloading cracked software and trying to install it, giving us dozens of hits on Anti-Virus. Blocking executable content types for students stopped this dead, which is why I am reticent to revert the change. – Richard Slater Nov 24 '09 at 19:41
0

I don't think that filtering by content type or MIME type will be effective in the long run, as nothing forces them to be set correctly for a website to work. Thus, lazy site designers have little incentive to correct them.

A better option would be to set up a proxy server such as squid between your students and the internet that blocks certain executable filetypes like .exe|.bin|.com|.bat|.cab and .zip files that contain them.

Brent
  • 22,219
  • 19
  • 68
  • 102
-1

application/*, despite it's name, is not used just for 'Applications'. Your approach is breaking Postal's Law

Be conservative in what you do; be liberal in what you accept from others.

Amandasaurus
  • 30,211
  • 62
  • 184
  • 246
  • You misunderstand what I have said, ISA Server 2006 has an "Application" content-type which included application/octet-stream not application/*. In an educational environment where the staff are liable for the safety and security of students "being liberal" is not always an option. – Richard Slater Feb 02 '10 at 17:32