Streaming media filtering

Streaming media filtering ensures that media of this type is detected when it is received on Web Gateway and handled according to your web security policy.

You might, for example, want to block access to streaming media to avoid excessive bandwidth consumption.

No default process for streaming media filtering is implemented on Web Gateway after the initial setup, but you can set up your own process.

Important configuration items to be used in this process include:

  • StreamDetector.IsMediaStream property — Boolean property that is set to true when a web object is recognized as streaming media in the filtering process

  • Default Streaming Detection settings — Default settings for the Stream Detector module, which evaluates web objects and calculates the probability that they are streaming media

When setting up your own process, you can use these items in rules that you insert in an already existing or a newly created rule set.

Process for streaming media filtering

A process for filtering streaming media is based on rules like all other filtering processes that run on Web Gateway.

The most important part of this process is the detection of streaming media among the web traffic that is filtered. Streaming media is usually detected in the response cycle of the filtering process when it is received from web servers that sent it in response to user requests.

The detection of streaming media is the job of the Stream Detector module. This module uses URL categories, content-type headers, source IP addresses, and other information to calculate the probability that a web object is streaming media.

The module is capable of performing this calculation for a large number of streaming media types.

The module is triggered when a rule with the Boolean StreamDetector.IsMediaStream property in its criteria is processed. It sets this property to true when the calculated probability reaches or exceeds a given value. You can configure this value in the settings for the Stream Detector module.

When streaming media is detected, suitable rule actions can block or allow access to it. You can, for example, use these actions to:

  • Block access to streaming media to avoid excessive bandwidth consumption
  • Allow access to streaming media chunk-by-chunk after scanning each chunk for malware

Scanning streaming media and allowing access to it chunk-by-chunk is the job of the Media Stream Scanner, which is a component of the Anti-Malware filtering module. The scanning begins after the Stream Detector has detected that a web object is streaming media.

The default Gateway Anti-Malware rule set contains a rule for enabling this workflow.

Administration of streaming media filtering

To perform streaming media filtering on Web Gateway, you must set up this process on your own because there is no default process.

Using several default configuration items, you can, for example, create rules that block or allow access to streaming media.

Tip: Do not create a separate rule set for streaming media filtering, but insert the rules for this process in suitable other rule sets, for example, in the Media Type Filtering rule set.

Streaming media filtering is usually performed in the response cycle of the filtering process on Web Gateway, where streaming media is received that web servers send in response to user requests. A suitable rule set for inserting rules for streaming media filtering in this cycle is Download Media Type, which is nested in the Media Type Filtering rule set.

Configuration items you can use to create a process for streaming media filtering include:

  • StreamDetector.IsMediaStream property — Boolean property that is set to true when a web object is processed and detected as streaming media

    When this property is set to true, related values are set for two additional properties:

    • StreamDetector.Probability — Probability that a web object is streaming media, for example, 60 or 70 percent

    • StreamDetector.MatchedRule — Name of the rule that was processed with the result that streaming media was detected

    You can insert the additional properties, for example, in logging rules to record what happens during the process for streaming media filtering.

  • Default Streaming Detection settings — Default settings for the Stream Detector module, which calculates the probability that a given web object is streaming media, and sets the StreamDetector.IsMediaStream property accordingly

    These settings include an option to configure the percentage for the probability that must be reached to recognize a web object as streaming media.
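Once a logging rule records StreamDetector.Probability and StreamDetector.MatchedRule, the log can show which detections would be lost before the probability percentage is raised. The following Python sketch is an added example, not part of the product or its documentation; the log line format, field names, URLs and rule names are constructed assumptions, because the real format depends on how your logging rule writes the property values.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed key=value log format (not a product format).
SAMPLE_LOG = """\
url=http://media.example/live.m3u8 probability=95 matched_rule="constructed-rule-a"
url=http://cdn.example/clip.mp4 probability=70 matched_rule="constructed-rule-b"
url=http://radio.example/stream probability=62 matched_rule="constructed-rule-a"
url=http://app.example/poll.json probability=60 matched_rule="constructed-rule-c"
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r'url=(?P<url>\S+) probability=(?P<prob>\d{1,3}) matched_rule="(?P<rule>[^"]*)"'
)

def parse(log_text):
    """Return (url, probability, rule) tuples; skip malformed or out-of-range lines."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m and 0 <= int(m["prob"]) <= 100:
            records.append((m["url"], int(m["prob"]), m["rule"]))
    return records

def impact_of_threshold(records, new_threshold):
    """Split logged detections into (still detected, no longer detected).

    Uses the documented comparison: an object counts as streaming media
    when its probability reaches or exceeds the configured value.
    """
    kept = [r for r in records if r[1] >= new_threshold]
    dropped = [r for r in records if r[1] < new_threshold]
    return kept, dropped

def dropped_by_rule(records, new_threshold):
    """Count lost detections per matched rule, to show which rule is affected."""
    _, dropped = impact_of_threshold(records, new_threshold)
    return Counter(rule for _, _, rule in dropped)

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for threshold in (60, 70, 80):
        kept, dropped = impact_of_threshold(recs, threshold)
        print(f"{threshold}%: {len(kept)} still detected, {len(dropped)} lost",
              dict(dropped_by_rule(recs, threshold)))
```

Because the additional properties are set only when streaming media was detected, such a log can show the effect of raising the percentage, not of lowering it.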

The default Gateway Anti-Malware rule set contains a rule that uses the StreamDetector.IsMediaStream property to find out whether a web object is streaming media.

The rule eventually enables the Media Stream Scanner, which scans this media and allows access to it chunk-by-chunk, as long as no malware is detected.