Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Iran blocks MP3, MP4, AVI and SWF files

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sat Oct 6 13:45:22 PDT 2012


On 10/6/12 10:36 PM, Collin Anderson wrote:
>
>     File extension in URL requested, Content-Type or are they even finding
>     their own Content-Type?
>
>
> You are correct, all that it took to trigger the blocking was a php
> file with the following:
>
> header("Content-Type: audio/mpeg");
>
> The server was adding the content-type header to the returned request
> because of the file extension.

Ok.

Many modern browser have their own way to detect mime content type, what
is called "mime sniffing", regardless of what the server say:

* MSIE http://msdn.microsoft.com/en-us/library/ms775148%28v=vs.85%29.aspx
* Mozilla
https://developer.mozilla.org/en-US/docs/How_Mozilla_determines_MIME_Types
* Chrome
http://neugierig.org/software/chromium/notes/2009/01/mime-sniffing.html

So maybe, just throwing away the Content-Type header from an HTTP
responses, could still allow the browser to identify/access the data,
while avoiding the Iranian filter to detect it?

-naif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121006/e7435968/attachment.html>


More information about the liberationtech mailing list