https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40173#M29466 <HTML><HEAD></HEAD><BODY><P>Good morning,</P><P></P><P>I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's &amp; domains to whitelist Java traffic &amp; block everything else?&nbsp; And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific site (or if its only internal and I want to block that specific older version for everyone?)?</P><P></P><P>Thanks for your help.</P><P></P><P>Kevin</P></BODY></HTML> Mon, 14 Jan 2013 17:59:23 GMT Kevin_Holleran 2013-01-14T17:59:23Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40173#M29466 <HTML><HEAD></HEAD><BODY><P>Good morning,</P><P></P><P>I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's &amp; domains to whitelist Java traffic &amp; block everything else?&nbsp; And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific site (or if its only internal and I want to block that specific older version for everyone?)?</P><P></P><P>Thanks for your help.</P><P></P><P>Kevin</P></BODY></HTML> Mon, 14 Jan 2013 17:59:23 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40173#M29466 Kevin_Holleran 2013-01-14T17:59:23Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40174#M29467 <HTML><HEAD></HEAD><BODY><P>You can do that with the custom URL categories and data/file blocking profiles.</P><P></P><P>The only problem is the Java spec is written so that JAR files may look like ZIP files. </P></BODY></HTML> Mon, 14 Jan 2013 18:57:56 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40174#M29467 mharding 2013-01-14T18:57:56Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40175#M29468 <HTML><HEAD></HEAD><BODY><P>Thanks.&nbsp; So I create a custom URL Category called Allow_Java and then I create a Data Block rule for blocking .JAR files.&nbsp; How do I tie bypass the Data Block rule just for Allow_Java sites?</P><P></P><P>Thank you.</P></BODY></HTML> Mon, 14 Jan 2013 19:41:26 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40175#M29468 Kevin_Holleran 2013-01-14T19:41:26Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40176#M29469 <HTML><HEAD></HEAD><BODY><P>It would be two rules. One rule to allow Java on the Allow_Java category and then a second rule to block the JAR files from everywhere else (but you might still have that ZIP file problem).</P><P></P><P>After reading about the attack (<A href="http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html" title="http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html">Malware Intelligence Lab from FireEye - Research &amp; Analysis of Zero-Day &amp; Advanced Targeted Threats:Zero-Day Season is Not Over Yet</A>) you might want to look at the Drive-By Download feature. And make sure you're updated to Content Release 349.</P><P></P><P>Message was edited by: Matthew Harding</P></BODY></HTML> Mon, 14 Jan 2013 20:06:16 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40176#M29469 mharding 2013-01-14T20:06:16Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40177#M29470 <HTML><HEAD></HEAD><BODY><P>Thanks, I will look into that as well.&nbsp; For our long term Java strategy, part of it is going to be only allowing Java to known sites we need to interact with so the blocking is helpful too.</P><P></P><P>So, sorry to need continued direction, but I have created a File Block for JAR files &amp; a Custom URL Category for allowed sites.&nbsp; I then create a rule allowing traffic to the allowed sites over HTTP &amp; HTTPS, then I create a second rule for everything and link the File Block&nbsp; to it - is that correct?&nbsp; </P><P></P><P>Thanks.</P><P></P><P>Kevin</P></BODY></HTML> Mon, 14 Jan 2013 20:22:02 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40177#M29470 Kevin_Holleran 2013-01-14T20:22:02Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40178#M29471 <HTML><HEAD></HEAD><BODY><P>Correct, but make sure your allow rule is above your blocked rule.</P><P></P><P>So it would kind of look like:</P><P></P><P>Allowed Java Traffic over HTTP/HTTPS</P><P>Blocked Java Traffic over HTTP/HTTPS</P><P></P><P>And if you aren't using SSL Decryption, the file blocking might not work on the HTTPS traffic.</P></BODY></HTML> Mon, 14 Jan 2013 21:44:09 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/40178#M29471 mharding 2013-01-14T21:44:09Z https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/465355#M102575 <DIV class=""><DIV class=""><STRONG>If you need to allow more through , tweak a base whitelist with:</STRONG></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV><DIV class=""><DIV class=""><DIV class=""><OL class=""><LI>addTags(java. lang. String...)</LI><LI>addAttributes(java. lang. ...</LI><LI>addEnforcedAttribute(java. lang. ...</LI><LI>addProtocols(java. lang.</LI></OL><P>For More Visit :- <A href="https://sites.google.com/jamesknows.com/javatraining/home" target="_blank" rel="noopener">Java&nbsp;</A></P></DIV></DIV></DIV></DIV></DIV></DIV></DIV> Sat, 12 Feb 2022 15:31:47 GMT https://live.paloaltonetworks.com/t5/general-topics/whitelist-java-traffic/m-p/465355#M102575 Priya_soni 2022-02-12T15:31:47Z