Microsoft Internet Security and Acceleration (ISA)
Server 2006 takes the following actions to determine content
type:
ISA Server receives the Web server response and checks whether
it includes the content-type header.
If the content-type header is in the response, ISA Server
compares the header value to the content type policy settings.
If the response does not contain the content-type header, ISA
Server compares the extension of the requested URL to the content
type policy.
If the URL does not contain an extension, ISA Server concludes
that there is no match between the content type and the rule.
Note
The content type is not always present in the URL or response
header. For this reason, configuring an access rule using content
types may result in unforeseen behavior of your firewall
policy.