I was trying to control the attachments through hotmail or any other webmail… so I denied every post method on webproxy access!!! but i’m facing problems downloading emails on hotmail for example!
on yahoo I can still view my emails!!
after doing some researches I found some proxies do control the attachments the same way i’ve mentioned above but they can still view emails on hotmail or any other webmail :S
Do some webmails use a post method to download/view the emails :S???
well DOH! post is used everywhere, not just for attachments …
so why in bluecoat appliances they guarantee the attachments only (will deny) !!! and they use the rule (method post = deny)…!! t
thks
I don’t know what bluecoat is, but they will have the same troubles as you, see POST definition from W3
9.5 POST
The POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line. POST is designed to allow a uniform method to cover the following functions:
Annotation of existing resources;
Posting a message to a bulletin board, newsgroup, mailing list,
or similar group of articles;Providing a block of data, such as the result of submitting a
form, to a data-handling process;Extending a database through an append operation
POST is not only used for attachements, but even for posting this forum message (yes, it also uses method POST, see the source of this page)
yeah i know that.. your totally right!!
bluecoat is an web filterin n proxy aplpiance (proxySG technology) and they mentioned in their documents about content filtering
Blue Coat Appliance Solution
Bluecoat combines the filtering category (based on destination URL) with any other identifiable trigger in the user request. Triggers can include file type, mime type, user, group, cookie, http headers, user-agent (browser version) and many others. This gives far greater flexibility in making policy decisions in what to allow the user to bring into the enterpriseExamples of this include:
• If the customer wants to allow users to read Webmail, but not send mail attachments, the ProxySG can do this by implementing a policy that combines the URL category “Webmail” with the HTTP method “POST”.
• If the customer wants to restrict SSL traffic because it can be a threat to get undesired content in the network, a rule can be made that combines the protocol “HTTPS” with a set of desirable categories in the URL filter list such as “Business Sites”.
• If a customer wants to allow Instant Messaging “chats” but not file transfers, a rule can be made which blocks IM method “file transfer”.
• If a customer wants to enable partners to post files to a web site for a business-to-business application, the ProxySG can virus scan objects coming from group “Partners” to ensure the partner does not propogate a virus to the web server.
• The customer wants to enable streaming from specific sites on the Internet, but wants to limit the total bandwidth consumed.
you can read the complete article on
http://www.databaseconsult.com/blog/2007/04/bluecoat-vs-open-source-proxy-solutions.html
.
one more thing Normis and it’s out of topic, already once asked you about an automatic failover script for 2 wan connections. would you please advice me!! really aprreciated…
Greetings from Lebanon
Regards,
here is a lot of examples for failover:
http://wiki.mikrotik.com/wiki/Routing