Application Octet Stream Files
I have taken steps to prevent software from being downloaded from the Internet as it was being abused by students. This was implemented using ISA 2006's Content Type filter condition 'Application'. Amongst many other MIME types it included applicationoctet-stream.
How to upload and download 'application/octet-stream' mime typed files? I followed following link for upload and download functionality.
This hasn't proven a problem for the most part, most web-servers provide a less generic content-type for productivity application type documents. There is one web-site however which appears to return the Content-Type: applicationoctet-stream for a redirect page. You can see this using Fiddler2 and going to the Brighton University home page then clicking Student Central, this redirects to the HTTPS site that hosts the Student Central Portal.
I suspect this is a miss-configuration on the server and the workaround (go directly to the SSL site) works; however I have a couple of questions: Expiration date on medicine.
- Is it effective to block 'applicationoctet-stream' are there many web-servers which actually use applicationoctet-stream as a Content-Type for executable content. I can't seem to use ISA server to report on Content-Types.
- Is there a rational reason why 'applicationoctet-stream' would be used as a Content-Type for a redirection, the only thing I can think of is some old browsers older versions of IE and Netscape can't handle applicationoctet-stream and thus won't process the re-direct.. this would seem like a poor substitute for browser detection and redirection.
Any further thoughts appreciated.
4 Answers
It seems that some webservers still deliver javascript and css as octet-stream data instead of setting their correct mime-types.
In this case, I wonder if the Blackboard VLE on that site has something to do with it?
Or is it setting applicationoctet-stream for sending some SSL data prior to changing to a SSL connection to the web server?
Bijoy to unicode converter download. According to an old microsoft KB article, some webservers encode 302 redirects as applicationoctet-stream. It doesn't say why though..
I've seen all sorts of web servers publish content with the MIME type of applicationoctet-stream. The most bizarre was the delete button in a web mail application. Have you heard back from any students as to what the side-effects have been? Or has nobody noticed? Are you concerned with bandwidth usage or is it more what they're doing with the content once it has been downloaded? I'm asking because if they're installing software on campus workstations then another option would be to control usage via active directory.
Application/octet-stream Excel File
Can you give us more information on what you want to prevent and why?
As far as your questions:
1) I would think it would be effective but it will most likely have many side-effects.
Application/octet-stream Google
2) I didn't think this was possible as MIME types are assigned per application extension.. not but internal function. For example, why would a MIME type care about what takes place within an html document?
I don't think that filtering by content type or MIME type will be effective in the long run, as nothing forces them to be set correctly for a website to work. Thus, lazy site designers have little incentive to correct them.
A better option would be to set up a proxy server such as squid between your students and the internet that blocks certain executable filetypes like .exe .bin .com .bat .cab and .zip files that contain them.
application/*, despite it's name, is not used just for 'Applications'. Your approach is breaking Postal's Law
Be conservative in what you do; be liberal in what you accept from others.