Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Media Type Filtering

Media type filtering on Secure Web Gateway allows you to block requests for access to files and other web objects if they are of particular media types. For example, you can block access to executables or archives.

A typical reason for blocking a media type is that you consider downloading it a threat to web security. Another reason might be that downloading it would excessively consume resources.

To configure media type filtering, you can:  

  • Configure the rules in the default rule set for media type filtering

    The default rules use lists of media types that you fill in to block requests for uploading or downloading them.

    For more information, see Media Type — Block Access to Media Types

  • Create media type filtering rules that differ from the default rules using the Rule Builder

    You will typically create such rules if using only the default rules does not meet your requirements. When creating them, it is important to understand the following:

    • How the elements of a media type filtering rule work together to serve the purpose of the rule

      These elements include the rule condition with criteria, operator, and value, and the rule action, which is executed if the condition matches.

      For example, if Ensured media types is configured as criteria, contains as operator, and application/archives as value, the condition matches if a requested web object is an archive. The rule action, for example, Block request, is then executed.

      For more information, see How a Media Type Filtering Rule Works

    • How different media type filtering rules work together in a rule set to ensure web security

      These rules can, for example, block access to media types or allow it only as an exception. You also need to consider the flow of rule processing here. For example, when a block rule is executed, rule processing stops, so all following rules in the rule set are not processed anymore. 

      For more information, see How a Rule Set for Media Type Filtering Works

    • How the different criteria that are available for configuring media type filtering can be used in rules

      The different criteria rely on different attributes of files and other web objects, which are evaluated to find media types for them. These attributes are, for example, the extension of a file name or the magic bytes and other signatures of a file. They are available in the different cycles of the filtering process, for example, in the request or response cycle.

      For more information, see List of Criteria for Media Type Filtering.

     For information about how to work with the Rule Builder to create a rule, see Create a Rule with the Rule Builder.

For additional information about media type filtering, including information about dependencies and how to configure media types to bypass DLP scanning, see More about Media Type Filtering.

  • Was this article helpful?