User guide
Chapter 9: Configuring Proxied Services
122 WatchGuard Firebox System
For detailed information about the HTTP proxy, see the online support
resources at http://support.watchguard.com.
Restricting content types for the HTTP proxy
You can configure the HTTP proxy to allow only those MIME types you
decide are acceptable security risks. On the Safe Content tab:
1 To specify that you want to restrict content types that can pass
through the HTTP proxy, enable the checkbox marked Allow only
safe content types.
2 If you want to specify content types to allow, click the upper Add
button in the dialog box.
The Select MIME Type dialog box appears.
3 Select a MIME type. Click OK.
4 To create a new MIME type, click New Type. Enter the MIME type
and description. Click OK.
The new type appears at the bottom of the Content Types drop list. Repeat this
process for each content type. For a list of MIME content types, see the Reference
Guide.
5 If you want to specify unsafe path patterns to block, enter a path
pattern next to the left of the Add button. Click Add.
Only the path and not the host name are filtered. For example, with the Web site
www.testsite.com/login/here/index.html, only the elements /login/ and
/here/ can be added to the unsafe path patterns box, not *testsite*.
If you want to disable content type filtering, click the Settings tab. Disable
the checkbox marked Require Content Type.
N
OTE
Zip files are denied when you deny Java or ActiveX applets, because Zip
files often contain these applets.
Configuring a caching proxy server
Because the Firebox’s HTTP proxy does no content caching, the Firebox
has been designed to work with caching proxy servers. Because company
employees often visit the same Web sites, this greatly speeds operations
and reduces the load on external Internet connections. All Firebox proxy
and WebBlocker rules that are in place still have the same effect.