Skip to main content
Skyhigh Security

List of Criteria for Media Type Filtering

The table below lists and explains some important criteria for media type filtering. For each of these criteria, information is provided in the columns of the table as follows:

  • Criteria — Name of the criteria

  • Data format — Format of the data that the criteria relates to, for example, string or MIME type

  • Evaluated attributes — Attributes of a file or other web object, for example, the file name extension or the magic bytes, that are evaluated to find its media type

  • Remarks — Remarks on what to consider when using the criteria in a rule 
Criteria Data format Evaluated attributes Remarks
Ensured media types List of MIME types Magic bytes and other signatures When this criteria is processed, the result is a list of media types in MIME type format, which are found by evaluating the magic bytes and other signatures of a file or other web object.

A file or other web object can be of more than only one media type. If more than one media type is found, all of them are included in the list. If only one media type is found, the list includes only one item.

A media type must be ensured with a high probability for a file or other web object to be included in the list.

Not all files or other web objects have magic bytes and other signatures that can be used to ensure their media types with a high probability.

If you want to cover these as well, you need to configure other criteria in addition to Ensured media types for your media type filtering rules, for example, the Non ensured media types criteria. 

The magic bytes and other signatures of a file or other web object can be evaluated in the different cycles of the filtering process, for example, as follows:

  • When the upload of a file is requested, the file is sent with the request. Its magic bytes and other signatures can then be evaluated in the request cycle.
  • When a download is requested, the file is sent by a web server in response to the request. Its attributes can then be evaluated in the response cycle.

  • When a file is sent as an embedded object with a request or response, it can be evaluated in the embedded objects cycle for requests or the embedded object cycle for responses.

Non ensured media types List of MIME types Attributes of a file or other web object This criteria works in a way that is similar to how Ensured media types works. It works differently regarding the level of probability that is needed to ensure a media type.

The result of processing this criteria is a list of media types in MIME format. But even if there is only a low probability that a file or other web object is of a particular media type, this is sufficient to include this media type in the list.
Media type from header MIME type Content type specified in request or response header When this criteria is processed, the result is a media type in MIME format, which is found by evaluating the Content-Type header of a request or response.

The Content-Type header can be evaluated in the different cycles of the filtering process, for example, as follows:
  • When the upload of a file is requested, the header is sent with the request and can be evaluated in the request cycle.

  • When a download is requested, the header is sent with the request and can be evaluated in the request cycle.

    When the file or other web object is sent by a web server in response to the request, the header is sent with the response and can be evaluated in the response cycle.

Media type from extension MIME type Attributes of a file or other web object When this criteria is processed, the result is a media type in MIME format for a file or other web object. To find this media type, the following is performed:
  • The same attributes as for the Body file name criteria, see further below, are evaluated to find the file name of the web object, including its extension.

  • When the file name has been found, its extension is evaluated to find the media type of the web object.

The attributes that are needed here can be evaluated, in the same way as for Body file name, within the request and response cycles.

Body file name String 1. File name

2. Content
    disposition
    specified in
    request or
    response
    header

3. part of URL path
    after last /
When this criteria is processed, the result is a file name in string format. To find this name, the following is performed:
  • The file itself is first inspected to see if its name can be extracted.

  • If the name cannot be extracted from the file, the Content-Disposition header that is sent with a request or response is evaluated.

  • If this method fails to return the file name, the URL that was sent with the request to access the file is evaluated. The part of the URL path that follows the last / is considered to be the file name then.

The file and the URL can be evaluated in the request cycle. The Content-Disposition header can be evaluated in both the request and response cycles.

File extension String Attributes of a file or other web object When this criteria is processed, the result is a file name extension in string format. To find this extension, the following is performed:
  • The same attributes as for the Body file name criteria, see above, are evaluated to find the file name of the web object, including its extension.

  • When the file name has been found, the part after the last dot in this name is considered to be the extension. 

The attributes that are needed here can be evaluated, in the same way as for Body file name, within the request and response cycles.

Is media type archive Boolean Magic bytes and other signatures When this criteria is processed, the result is a Boolean value, either TRUE or FALSE. To find this value, the following is performed:
  • The same attributes as for the Ensured media types criteria, see above, are evaluated to find a media type or types of a file or other web object.
  • When the media type or types have been found, it is checked whether the archive media type is among them. If it is, the value that is the result of processing the criteria is TRUE, otherwise it is FALSE.

The attributes that are needed here can be evaluated, in the same way as for Ensured media types, within the request and response cycles and also within the embedded object cycles for requests and responses.

You can use other Boolean criteria in the same way as Is media type archive within a media type filtering rule, including:

  • Is media type audio

  • Is media type composite object

  • Is media type database

  • Is media type document

  • Is media type executable

  • Is media type image

  • Is media type text

  • Is media type video

  • Is stream

  • Was this article helpful?