Java Control on the PA

Reply
L0 Member

Java Control on the PA

Hello

One of our client has the requirements to be able to able to monitor/control Java activity from users. I did a bit of check and found that in order to identify Java activity the following would need to be identified:

  • File extension .class
  • File extension .jar
  • File extension .jnlp
  • http response header content-type application/java$


The PA can currently identify the file types .class and .jar. Is there any reason why it does not identify jnlp files?


From my understanding:

> We would need to write a custom signature to identify jnlp files and the http response header

> Due to the 7 byte (min) restriction I am not sure how to identify jnlp files in an app signature. So this would need to be done as a data pattern matching signature

> The http response header can be identified in an application signature

I still have not got around to testing this in our lab. Just wanted to check if this is the right approach. Please feel free to correct/contribute to my understanding.

Thanks & Best Regards,

Vikas

Tags (3)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!