4.13.2.1. Configuring policies for MIME headers and content types

Configuring the default behavior for MIME objects is possible using the header and body_type attributes.

MimeProxy parses MIME headers first. See Table 4.39, MIME headers and Table 4.38, MIME body-types for the available headers and body-types. The following table shows the possible actions on MIME headers. Headers may be accepted or dropped, or the entire object can be rejected. Subobjects (that is, MIME objects embedded into other MIME objects) cannot be dropped or rejected individually; the entire object must be rejected or dropped.

| Action | Description |
|---|---|
| MIME_HDR_ACCEPT | Accept header. |
| MIME_HDR_DROP | Drop the header, but do not reject the entire MIME object. |
| MIME_HDR_ABORT | Reject the entire connection. |
| MIME_HDR_POLICY | Call the function specified to make a decision about the header. The header line is passed to the policy level. See Section 4.13.2.1, Configuring policies for MIME headers and content types for details. |

Table 4.40.  Action codes for MIME headers

Second, MimeProxy parses MIME content (or body) types. The following table shows the possible actions on MIME types (body_type). Stacking another module is possible using the MIME_TPE_STACK action.

| Action | Description |
|---|---|
| MIME_TPE_ACCEPT | Accept the MIME type. |
| MIME_TPE_DROP | Drop the entire MIME object. |
| MIME_TPE_DROP_ONE | Drop the MIME object. This does not affect the other objects in the enclosing object. |
| MIME_TPE_CHANGE | Modify the type of the object to the one specified in the second argument. |
| MIME_TPE_ABORT | Abort the connection and reject the entire MIME object. |
| MIME_TPE_STACK | Pass the content to be inspected by another proxy. |
| MIME_TPE_POLICY | Call the function specified to make a decision about the event. See Section 4.13.2.1, Configuring policies for MIME headers and content types for details. |

Table 4.41.  Action codes for MIME content types

If all contents and headers are acceptable to the local security policy, MimeProxy rebuilds the MIME message and passes it back to the parent proxy.

Example 4.30. Example usage of MimeProxy module, denying applications

This example removes all application-type objects from the messages. An error message is sent to the client (silent_drop = FALSE; the directory where the error messages are stored is specified in the mime_message_path attribute).

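class MyMimeProxy(MimeProxy):
    def config(self):
        MimeProxy.config(self)
        # Key is the (type, subtype) pair; "*" covers every application subtype.
        self.body_type["application", "*"] = (MIME_TPE_DROP)
        # Send an error message to the client instead of dropping silently.
        self.silent_drop = FALSE
        # Directory where the error messages are stored.
        self.mime_message_path = "/usr/share/vela/mime"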
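
A dry run of a body_type table such as the one in Example 4.30 against a sample message, useful for checking which objects (nested ones included) a policy would match before it is deployed. This is an added stand-alone illustration using Python's standard email package, not MimeProxy code: the action constants are local stand-ins, and the lookup precedence, the default action, the BODY_TYPE table and the sample message are assumptions made for the example.

```python
from email import message_from_string

# Stand-ins for action codes from Table 4.41; the values are arbitrary labels.
MIME_TPE_ACCEPT, MIME_TPE_DROP, MIME_TPE_ABORT = "ACCEPT", "DROP", "ABORT"

# Hypothetical policy table keyed like body_type in Example 4.30.
BODY_TYPE = {("application", "*"): MIME_TPE_DROP}

# Constructed sample message: the attachment sits one level down and
# declares its type in mixed case.
SAMPLE = "\n".join([
    'MIME-Version: 1.0',
    'Content-Type: multipart/mixed; boundary="outer"',
    '',
    '--outer',
    'Content-Type: text/plain',
    '',
    'hello',
    '--outer',
    'Content-Type: multipart/related; boundary="inner"',
    '',
    '--inner',
    'Content-Type: Application/X-MSDownload; name="a.exe"',
    '',
    'MZ',
    '--inner--',
    '--outer--',
    '',
])

def lookup(table, content_type):
    """Assumed precedence: exact match, then (type, "*"), then ("*", "*")."""
    maintype, subtype = content_type.split("/", 1)
    for key in ((maintype, subtype), (maintype, "*"), ("*", "*")):
        if key in table:
            return table[key]
    return MIME_TPE_ACCEPT  # assumed default when no key matches

def dry_run(raw, table):
    """Return [(content_type, action)] for every object, nested ones included."""
    msg = message_from_string(raw)
    # get_content_type() lowercases, so "Application/X-MSDownload" still matches.
    return [(p.get_content_type(), lookup(table, p.get_content_type()))
            for p in msg.walk()]

def verdict(decisions):
    """ABORT anywhere rejects the whole message; otherwise list dropped types."""
    if any(action == MIME_TPE_ABORT for _, action in decisions):
        return "reject"
    return [ctype for ctype, action in decisions if action == MIME_TPE_DROP]
```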