In SGOS 6.5.1 and AVOS 3.5.1, Broadcom introduced an enhanced set of features to detect and manage files based on their apparent data type. With the ProxySG alone, the appliance can detect and recognize close to thirty unique data types. Unlike MIME-type matching, this feature does not simply examine the file's extension: the file container itself is examined, and the first bytes of the file are used to identify what type of file it is.
If you have a ProxyAV appliance running version 3.5.1 or higher, there is an additional option. Because the ProxyAV can examine archive files (zip, rar, gz) and the files they contain, apparent data type policy on the ProxySG can be written to leverage that capability: the ProxySG sends a zip file to the ProxyAV, which reports back the types of files contained in the archive. The ProxySG then uses this information to match any policy that allows or denies requests based on apparent data type.
Prerequisites:
Sample policy:
In the following example (CPL code below), the local user user1 is allowed to download EXE files, while all other users are not. The Apparent Data Type destination object looks like this:
CPL of the above policy:
;; Tab: [Web Authentication Layer]
<Proxy>
    ; Authenticate every request against the local realm so that user="user1" can be evaluated below
    authenticate(MyLocalUsers) authenticate.force(no) authenticate.mode(auto)

;; Tab: [Web Access Layer]
<Proxy>
    ; Users in ALLOWED_FT_USERS may receive content the ICAP service classified as executable
    condition=ALLOWED_FT_USERS response.icap.apparent_data_type=(executable) Allow
    ; Every other user is denied executables
    response.icap.apparent_data_type=(executable) Deny
    ; All other data types are allowed
    Allow

;; Tab: [Web Content Layer]
<Cache>
    ; Send responses to the ProxyAV service av35 for scanning; fail closed if the service is unavailable
    response.icap_service(av35,fail_closed) response.icap_service.secure_connection(auto)

define condition ALLOWED_FT_USERS
    realm=MyLocalUsers user="user1"
end condition ALLOWED_FT_USERS
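The following is an added example, not code from the appliance or from this article: it models in Python the two mechanisms the article describes, classifying a file by its leading bytes instead of its extension, and opening a zip container to classify each member the way the ProxyAV reports archive contents, then applies the same allow/deny decision as the sample policy. The signature table and the user list are constructed for the example.

```python
import io
import zipfile

# Constructed signature table for this example; the appliance's real table
# covers close to thirty types and is not reproduced here.
MAGIC = [
    (b"MZ", "executable"),        # Windows PE / DOS executable
    (b"\x7fELF", "elf_executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\x1f\x8b", "gzip"),
]

def apparent_data_type(data: bytes) -> str:
    """Classify by leading bytes only; the filename and extension are ignored."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"

def archive_member_types(data: bytes) -> list[str]:
    """Model the ProxyAV step: open a zip container and classify each member by its own bytes."""
    if apparent_data_type(data) != "zip":
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [apparent_data_type(zf.read(info)[:16])
                for info in zf.infolist() if not info.is_dir()]

def policy_decision(data: bytes, user: str, allowed_users=("user1",)) -> str:
    """Mirror the sample policy: only listed users may receive executables, bare or inside a zip."""
    types = {apparent_data_type(data)} | set(archive_member_types(data))
    if "executable" in types:
        return "Allow" if user in allowed_users else "Deny"
    return "Allow"

def build_zip(members: dict[str, bytes]) -> bytes:
    """Helper to construct a sample archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: an executable renamed to look like a PDF, and a zip hiding one
    disguised = b"MZ\x90\x00" + b"\x00" * 60
    archive = build_zip({"notes.txt": b"hello", "tool.exe": disguised})
    print(apparent_data_type(disguised), archive_member_types(archive))
    print(policy_decision(archive, "user2"), policy_decision(archive, "user1"))
```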