4.16.2.1. Configuring policies for MIME headers and content types -

4.16.2.1. Configuring policies for MIME headers and content types

Configuring the default behavior for MIME objects is possible using the header and body_type attributes.

MimeProxy parses MIME headers first. See Table 4.45, MIME headers and Table 4.44, MIME body-types for the available headers and body-types. The following table shows the possible actions on MIME headers. Headers may be accepted or dropped, or the entire object can be rejected. Subobjects (i.e. MIME objects embedded into other MIME objects) cannot be dropped or rejected individually, the entire object must be rejected/dropped.

Action	Description
MIME_HDR_ACCEPT	Accept header.
MIME_HDR_DROP	Drop the header, but do not reject the entire MIME object.
MIME_HDR_ABORT	Reject the entire connection.
MIME_HDR_POLICY	Call the function specified to make a decision about the header. See Section 4.16.2.1, Configuring policies for MIME headers and content types for details. Put header line into policy level.

Table 4.46. Action codes for MIME headers

Second, MimeProxy parses MIME content (or body) types. The following table shows the possible actions on MIME types (body_type). Stacking another module is possible using the MIME_TPE_STACK action.

Action	Description
MIME_TPE_ACCEPT	Accept the MIME type.
MIME_TPE_DROP	Drop the entire MIME object.
MIME_TPE_DROP_ONE	Drop the MIME object. This does not affect other objects in the object.
MIME_TPE_CHANGE	Modify the type of the object to the one specified in the second argument.
MIME_TPE_ABORT	Abort the connection and reject the entire MIME object.
MIME_TPE_STACK	Pass the content to be inspected by another proxy.
MIME_TPE_POLICY	Call the function specified to make a decision about the event. See Section 4.16.2.1, Configuring policies for MIME headers and content types for details.

Table 4.47. Action codes for MIME content types

If all contents and headers are acceptable by the local security policy, MimeProxy rebuilds the MIME message and passes it back to the parent proxy.

Example 4.32. Example usage of MimeProxy module, denying applications

Example 4.32. Example usage of MimeProxy module, denying applications
Removes all applications from the messages. An error message is sent to the client (`silent_drop = FALSE`; the directory where the error messages are stored is specified in the `mime_message_path` attribute). class MyMimeProxy(MimeProxy): def config(self): MimeProxy.config(self) self.body_type["application" "*"] = (MIME_TPE_DROP) self.silent_drop = FALSE self.mime_message_path="/usr/share/zorp/mime"

Removes all applications from the messages. An error message is sent to the client (silent_drop = FALSE; the directory where the error messages are stored is specified in the mime_message_path attribute).

class MyMimeProxy(MimeProxy):
      def config(self):
              MimeProxy.config(self)
              self.body_type["application" "*"] = (MIME_TPE_DROP)
              self.silent_drop = FALSE
              self.mime_message_path="/usr/share/zorp/mime"

Previous	Up	Next
	Home

Zorp Professional 7 Reference Guide

4.16.2. Proxy behavior

4.16.2.1. Configuring policies for MIME headers and content types