Setting Content Filtering by MIME Type and Size

Rules for filtering content by file size and MIME type are defined at the end of the main [Icap] section of the drweb-icapd.ini configuration file. This block of rules always starts with the MimeStart line and ends with the MimeEnd line. It contains the filtering rules, one per line.

Content filtering requires the proxy server to support the ICAP preview mode. In addition, make sure that the UsePreview parameter is set to Yes.

Filtering rules are specified as follows:

<MIME type> <action1> <size> <action2>

where:

<MIME type> - the MIME type of the content, for example:

  o * - file of any type
  o application - executables, archives, MS Office and PDF documents, etc.
  o audio - audio files (mp3, wav, wma, etc.)
  o image - images (gif, jpg, png, svg, etc.)
  o message - messages between web servers and clients
  o multipart - containers (mail files, packed files)
  o text - text or source code (html, xml, css, etc.)
  o video - video files (mpeg-1, mp4, wma)
  o model - 3D models

You can specify either a family of MIME types or a concrete type (for example, video matches any video file, while video/mpeg matches only files of the MPEG type).

The rule specified for the nearest matching MIME type is applied to an object. Thus, the rule specified for files of any type ("*") is applied only if no other rule matching the object MIME type is found.

<action1> - action (scan, pass, reject) that is applied if the object size is not greater than the specified <size> value.

<size> - threshold size. If the object size is not greater than this threshold, <action1> is applied; otherwise <action2> is applied.

<action2> - action (scan, pass, reject) that is applied if the object size is greater than the specified <size> value.

If all is specified in the <size> field, only the first action (<action1>) is applied to the object. In this case, it is not required to specify <action2>.

The following actions are allowed:

scan - send the file for scanning

pass - pass the file to the user without scanning

reject - reject the file and return another object. This action must be specified with a switch that defines what data is returned to the user:

  o -report - return an HTML page notifying the user that the file is blocked
  o -trunc - return the requested file truncated to zero length (empty file)

Note that the reject action must not be specified without a switch!

The order in which filtering rules are specified is of no importance.

Examples of filtering rules:

MimeStart
*                         scan 1M pass
application               scan 1M pass
image                     scan 1M pass
message                   scan 1M pass
multipart                 scan 1M reject -report
text                      scan 1M pass
audio                     pass all
video                     pass all
application/x-mms-framed  pass all
MimeEnd

The first rule in this example is applied to objects whose MIME type does not match any of the types specified in the other rules. If the size of such an object is not greater than 1 MB, it is sent for scanning; otherwise, it is passed to the user without scanning. The rule for objects of the multipart type rejects such objects if their size is greater than 1 MB and returns an HTML page notifying the user of the rejection. The last rule is applied to all objects of the application/x-mms-framed MIME type and passes them to the user without scanning regardless of their size.

Please note that a file is sent for scanning only after the scan action is applied to it (in this case, the file might still be rejected because of the scan results, depending on the specified settings). Otherwise, if the reject action (with the -report or -trunc switch) is applied, the file is not scanned and the user receives either the corresponding HTML notification page or the empty file.
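
The rule semantics described above (nearest MIME match, size threshold, the all keyword, the mandatory reject switch) can be checked offline with a small evaluator. This is an added Python example, not part of the Dr.Web documentation or product code; the names take_action, parse_rules and decide are hypothetical, and reading the K, M and G size suffixes as binary multiples is an assumption (the page only shows 1M and all).

```python
import re

# Constructed sample: a subset of the rule block shown in the page's example.
SAMPLE = """\
MimeStart
*                         scan 1M pass
application               scan 1M pass
multipart                 scan 1M reject -report
application/x-mms-framed  pass all
MimeEnd
"""
UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}  # assumption: binary multiples

def take_action(tokens):
    """Pop one action off the token list; reject must be followed by a switch."""
    action = tokens.pop(0)
    if action not in ("scan", "pass", "reject"):
        raise ValueError(f"unknown action {action!r}")
    if action == "reject":
        if not tokens or tokens[0] not in ("-report", "-trunc"):
            raise ValueError("reject specified without -report or -trunc")
        action += " " + tokens.pop(0)
    return action

def parse_rules(text):
    """Map each MIME type to (action1, threshold in bytes or None for all, action2)."""
    block = re.search(r"^MimeStart\s*$(.*?)^MimeEnd\s*$", text, re.S | re.M)
    if block is None:
        raise ValueError("no MimeStart ... MimeEnd block found")
    rules = {}
    for line in filter(None, map(str.strip, block.group(1).splitlines())):
        tokens = line.split()
        mime, action1, size = tokens.pop(0), take_action(tokens), tokens.pop(0)
        if size == "all":
            rules[mime] = (action1, None, None)
            continue
        number = re.fullmatch(r"(\d+)([KMG]?)", size)
        if number is None:
            raise ValueError(f"bad size {size!r} in rule for {mime}")
        rules[mime] = (action1, int(number[1]) * UNITS[number[2]], take_action(tokens))
    return rules

def decide(rules, mime, size):
    """Apply the nearest matching rule: exact type, then family, then '*'."""
    for key in (mime, mime.split("/")[0], "*"):
        if key in rules:
            action1, limit, action2 = rules[key]
            return action1 if limit is None or size <= limit else action2
    return None  # no rule matched; the page does not say what happens then
```

Calling decide for the type and size combinations of interest shows which objects reach the user without being scanned, for example anything above the threshold under a "scan 1M pass" rule.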