>
> So maybe, just throwing away the Content-Type header from an HTTP
> responses, could still allow the browser to identify/access the data, while
> avoiding the Iranian filter to detect it?
That is solid advice, however, I suspect most the streaming media sites
that would pay such special attention to Iran are likely already, directly
blocked. Moreover, another percentage of them are probably located on CDNs
or shared hosts where they don't have such control. Such time may be more
efficiently allocated to push people into anti-filter and anonymity tools.
The value of the Toman to the American Dollar is 25% of what it was last
year, foreign bank accounts are being closed due to US/EU sanctions, the
government is not clear on why it blocked Google for a week, DNS is being
hijacked and now people cannot access audio/video/flash media -- if tool
makers cannot sell the Iranian public on their free services now, man I
don't know.
On Sat, Oct 6, 2012 at 4:45 PM, Fabio Pietrosanti (naif) <
li...@infosecurity.ch> wrote:
> On 10/6/12 10:36 PM, Collin Anderson wrote:
>
> File extension in URL requested, Content-Type or are they even finding
>> their own Content-Type?
>
>
> You are correct, all that it took to trigger the blocking was a php file
> with the following:
>
> header("Content-Type: audio/mpeg");
>
> The server was adding the content-type header to the returned request
> because of the file extension.
>
>
> Ok.
>
> Many modern browser have their own way to detect mime content type, what
> is called "mime sniffing", regardless of what the server say:
>
> * MSIE http://msdn.microsoft.com/en-us/library/ms775148%28v=vs.85%29.aspx
> * Mozilla
> https://developer.mozilla.org/en-US/docs/How_Mozilla_determines_MIME_Types
> * Chrome
> http://neugierig.org/software/chromium/notes/2009/01/mime-sniffing.html
>
> So maybe, just throwing away the Content-Type header from an HTTP
> responses, could still allow the browser to identify/access the data, while
> avoiding the Iranian filter to detect it?
>
> -naif
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
