Watchguard Firebox X20E User Manual page 122

Configuring the HTTP Proxy
Content types
When a web server sends HTTP traffic, it usually adds a MIME type, or content type, to the packet
header that shows what kind of content is in the packet. The format of a MIME type is type/subtype.
For example, if you wanted to allow JPEG images, you would add image/jpg. You can also use the
asterisk (*) as a wildcard. To allow any image format, you add image/* to the list.
Select the HTTP Content tab.
1
Select the Allow only safe content types check box if you want to limit content types allowed
2
through the proxy. A list of common MIME types is included by default.
To add common content types to the list, select the MIME type in the Predefined content type
3
column and click the << button.
To add other content types, enter them in the empty field and click Add.
4
For a list of current, registered MIME types, go to
www.iana.org/assignments/media-types
To remove a content type, select it from the list and click Remove.
5
URL paths
A Uniform Resource Locator (URL) identifies a resource on a remote server and gives the network loca-
tion on that server. The URL path is the string of information that comes after the top level domain
name. You can use the HTTP proxy to block web sites that contain specified text in the URL path. For
example, if you want to block all pages that have the host name www.test.com, type the pattern
www.test.com*. If you want to block all paths that contain the word "sex" for all domains, type *sex*.
If you want to block executable files, type *.exe.
Select the Deny unsafe path patterns check box if you want to use URL path rules to filter the
1
content of the host, path, and query-string components of a URL.
To add a new path pattern, enter the path and click Add.
2
To remove a path pattern, select the pattern and click Remove.
3
Cookies
HTTP cookies are small files of alphanumeric text put by web servers on web clients. Cookies monitor
the page a web client is on to enable the web server to send more pages in the correct sequence. Web
servers also use cookies to collect information about an end user. Many web sites use cookies for
authentication and other legitimate functions and cannot operate correctly without cookies.
You can configure the HTTP proxy with a list of web sites. Any cookies from these web sites are then
denied by the HTTP proxy. If you want to deny cookies from all subdomains on a web site, use the wild-
card symbol (*) before and after the domain. For example, *google.com* blocks all subdomains of
google.com, such as images.google.com and mail.google.com.
Select the Deny Cookies from these sites check box if you want to block cookies from a
1
particular site.
Enter the web site domain name or partial domain with wildcards in the field and click Add.
2
Click Submit.
3
110 Firebox X Edge e-Series