Content Types

You might wish to allow or deny certain types of content from entering into or running within your network. With traditional Layer 4 (or "stateful") firewalls, if you allowed Web traffic into your environment, you couldn't inspect the content of the Web pages. ISA Server recognizes MIME extensions that designate types of application content for unencrypted Web traffic (HTTP) and tunneled FTP. You can therefore deny or allow only designated content, such as preventing the use of Microsoft Access databases or RealAudio content.

Content types don't apply to other protocols, including secure Web traffic (HTTPS).

Content types can include both MIME types (like application/winhlp for Windows Help files) and file extensions (like .hlp for the same Windows Help files). In HTTP requests, MIME type is always used first; if the type isn't available, file extensions are used. FTP always uses file extensions.

To ensure you are targeting the right content, designate both the MIME type and file extensions in your content type.

ISA Server comes with 11 predefined content types. For more information about those types see the ISA Server Help file.

Creating a Content Type

You can also create content types to designate certain types of application characteristics. Follow these instructions:

1. In the ISA Server Management console tree, click Firewall Policy.

2. On the Toolbox tab in the task pane, click Content Types, then click New. You will see and configure the New Content Type Set dialog box shown in Figure 7-4.

3. In the Name text box, type a descriptive name.

4. In the Description text box, enter a description of the item.

5. In the Available Types drop-down list box, you can either choose from the existing list of types provided, or type a MIME type or a file extension. You can use one wildcard with each MIME extension if you choose (for example, typing model/* to indicate all MIME types that begin with model).

   Note

   You cannot use wildcards with file extensions.

6. Click Add to populate the Selected Types list. Should you wish to remove a type, select that type in the Selected Types list and click Remove.

7. Click OK to finish creating a new content type.

8. Click Apply to commit the new content type to the ISA Server configuration, and then click OK.

Figure 7-4: Defining a new content type—like this example where we're defining Pointcast news data—allows you to control traffic based on application type, which is defined by MIME types or file extensions.