Define Exceptions; Http Responses: Content Types - Watchguard Firebox X15 User Manual

HTTP proxy exceptions
You use HTTP proxy exceptions to bypass HTTP proxy rules for certain web sites without bypassing the proxy
framework. Traffic that matches HTTP proxy exceptions still goes through the standard proxy handling used
by the HTTP proxy. However, when a match occurs, some proxy settings are skipped.

Define exceptions

You can add host names or patterns as HTTP proxy exceptions. For example, if you block all web sites that end
in .test but want to allow your users to go to the site www.abc.test, you can add www.abc.test as an HTTP
proxy exception.
You specify the IP address or domain name of sites to allow. The domain (or host) name is the part of a URL
that ends with .com, .net, .org, .biz, .gov, or .edu. Domain names can also end in a country code, such as .de
(Germany) or .jp (Japan).
To add a domain name, type the URL pattern without the leading "http://". For example, to allow your users to
go to the WatchGuard web site http://www.watchguard.com, type
allow all subdomains that contain watchguard.com, you can use the asterisk (*) as a wildcard character. For
example, to allow users to go towatchguard.com, www.watchguard.com, and support.watchguard.com type
*watchguard.com
To add an HTTP proxy exception:
1. From the HTTP proxy configuration, select the HTTP Settings tab.
2. In the text box to the left of the Add button type the host IP address or domain name of the web site
to allow.
3. Click Add.
Repeat steps 2 and 3 for each additional host or domain name that you want to add.
4. Click Submit.
If you want a log message recorded in your log file each time a web transaction occurs to a web site in the
exceptions list, select the Log each transaction that matches an HTTP proxy exception check box.

HTTP responses: Content types

When a web server sends HTTP traffic, it usually adds a MIME type, or content type, to the packet header that
shows what kind of content is in the packet. The HTTP header on the data stream contains this MIME type. It
is added before the data is sent.
The format of a MIME type is type/subtype. For example, if you wanted to allow JPEG images, you would add
to the proxy definition. You can also use the asterisk (*) as a wildcard. To allow any image format,
image/jpg
you add
image/*
Certain kinds of content that users request from web sites can be a security threat to your network. Other kinds
of content can decrease the productivity of your users. By default, the Firebox allows some safe content types,
and denies MIME content that has no specified content type. Some web servers supply incorrect MIME types
to get around content rules. If the default proxy definition does not meet all of your business needs, you can
add, delete, or modify the definition.
For a list of current, registered MIME types, go to :
User Guide
.
.
www.watchguard.com
http://www.iana.org/assignments/media-types
Proxy Settings
. If you want to
133