This is standard functionality - you can use standard Media type rules to do this, but you'll need to enable Composite Openers to detect mime types of parts for multipart/form-data.
To do this with standard rules, you need to go to ruleset "Media type filtering", there is another ruleset "Upload media type" there. There is rule "Block types from list 'Upload media type blocklist'" - just add types that you want to block to this list, and make sure that you enabled rule itself. This method is more reliable than blocking using data from headers.
This works follwoing way:
- When we receive POST request, we see that this is multipart/form-data
- If composite openers are enabled, then we call corresponding handler and start to extract data from POST
- Each extracted object is passed through policy (in embedded cycle), so you can check each object separately and block it, if it match to our condition
But if you want, you can do the same by checking mime headers of form parts - you need to enable composite openers, so we can extract data from form, and then use property Body.MimeHeaderValue if you want to get value of mime header (image/bmp for Content-Type, for example) or Body.MimeHeaderParameterValue to get value of header's parameter ("Proxy_listening.bml", for parameter "filename" of header "Content-Disposition", for example)
Thanks for the quick reply, I tried the former solution and it worked perfectly.