For some reason I decided that today was a good day to figure out how to block certain file extensions from being accessible over the web. This could be very useful, for instance, if you are trying to prevent a particular exploit that utilizes a particular file extension for its payload.
To do this go to the rule that allows inbound web traffic and double-click it.Click the "Protocols" tabClick "Filtering"Click "Configure HTTP"Click the "Extensions" tab
Here is where you have to make the choice of what to block. If you have some time, it would be really good to enumerate good things here and block everything else. What might be good? The following probably are:
So obviously, if we are worried about a particular attack, we'll select "Block specified extensions (allow all others)" in the drop-down listClick AddIn the "Extension" box type the name of the extension, such as "WMF" (without the quotes)Click "OK" twice and then click Apply.
If you want to verify whether the filter works go to http://www.protectyourwindowsnetwork.com/test-wmf.htm. If the picture on that page is blocked your filter probably worked.