I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific site (or if its only internal and I want to block that specific older version for everyone?)?
Thanks for your help.
Solved! Go to Solution.
Thanks. So I create a custom URL Category called Allow_Java and then I create a Data Block rule for blocking .JAR files. How do I tie bypass the Data Block rule just for Allow_Java sites?
It would be two rules. One rule to allow Java on the Allow_Java category and then a second rule to block the JAR files from everywhere else (but you might still have that ZIP file problem).
After reading about the attack (Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:...) you might want to look at the Drive-By Download feature. And make sure you're updated to Content Release 349.
Message was edited by: Matthew Harding
Thanks, I will look into that as well. For our long term Java strategy, part of it is going to be only allowing Java to known sites we need to interact with so the blocking is helpful too.
So, sorry to need continued direction, but I have created a File Block for JAR files & a Custom URL Category for allowed sites. I then create a rule allowing traffic to the allowed sites over HTTP & HTTPS, then I create a second rule for everything and link the File Block to it - is that correct?
Correct, but make sure your allow rule is above your blocked rule.
So it would kind of look like:
Allowed Java Traffic over HTTP/HTTPS
Blocked Java Traffic over HTTP/HTTPS
And if you aren't using SSL Decryption, the file blocking might not work on the HTTPS traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!