I have taken steps to prevent software from being downloaded from the Internet as it was being abused by students. This was implemented using ISA 2006's Content Type filter condition "Application". Amongst many other MIME types it included application\octet-stream.
This hasn't proven a problem for the most part, most web-servers provide a less generic content-type for productivity application type documents. There is one web-site however which appears to return the Content-Type: application\octet-stream for a redirect page. You can see this using Fiddler2 and going to the Brighton University home page then clicking Student Central, this redirects to the HTTPS site that hosts the Student Central Portal.
I suspect this is a miss-configuration on the server and the workaround (go directly to the SSL site) works; however I have a couple of questions:
- Is it effective to block "application\octet-stream" are there many web-servers which actually use application\octet-stream as a Content-Type for executable content. I can't seem to use ISA server to report on Content-Types.
- Is there a rational reason why "application\octet-stream" would be used as a Content-Type for a redirection, the only thing I can think of is some old browsers older versions of IE and Netscape can't handle application\octet-stream and thus won't process the re-direct… this would seem like a poor substitute for browser detection and redirection.
Any further thoughts appreciated.
Best Answer
It seems that some webservers still deliver javascript and css as octet-stream data instead of setting their correct mime-types.
In this case, I wonder if the Blackboard VLE on that site has something to do with it?
Or is it setting application\octet-stream for sending some SSL data prior to changing to a SSL connection to the web server?
According to an old microsoft KB article, some webservers encode 302 redirects as application\octet-stream. It doesn't say why though...