Whitelist Java Traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Whitelist Java Traffic

Not applicable

Good morning,

I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else?  And if so, can I then write any kind of regex to match specific java versions, say if we have an older version of Java that is required for a specific app for a specific site (or if its only internal and I want to block that specific older version for everyone?)?

Thanks for your help.

Kevin

1 accepted solution

Accepted Solutions

L4 Transporter

You can do that with the custom URL categories and data/file blocking profiles.

The only problem is the Java spec is written so that JAR files may look like ZIP files.

View solution in original post

6 REPLIES 6

L4 Transporter

You can do that with the custom URL categories and data/file blocking profiles.

The only problem is the Java spec is written so that JAR files may look like ZIP files.

Thanks.  So I create a custom URL Category called Allow_Java and then I create a Data Block rule for blocking .JAR files.  How do I tie bypass the Data Block rule just for Allow_Java sites?

Thank you.

It would be two rules. One rule to allow Java on the Allow_Java category and then a second rule to block the JAR files from everywhere else (but you might still have that ZIP file problem).

After reading about the attack (Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:...) you might want to look at the Drive-By Download feature. And make sure you're updated to Content Release 349.

Message was edited by: Matthew Harding

Thanks, I will look into that as well.  For our long term Java strategy, part of it is going to be only allowing Java to known sites we need to interact with so the blocking is helpful too.

So, sorry to need continued direction, but I have created a File Block for JAR files & a Custom URL Category for allowed sites.  I then create a rule allowing traffic to the allowed sites over HTTP & HTTPS, then I create a second rule for everything and link the File Block  to it - is that correct? 

Thanks.

Kevin

Correct, but make sure your allow rule is above your blocked rule.

So it would kind of look like:

Allowed Java Traffic over HTTP/HTTPS

Blocked Java Traffic over HTTP/HTTPS

And if you aren't using SSL Decryption, the file blocking might not work on the HTTPS traffic.

L0 Member
If you need to allow more through , tweak a base whitelist with:
  1. addTags(java. lang. String...)
  2. addAttributes(java. lang. ...
  3. addEnforcedAttribute(java. lang. ...
  4. addProtocols(java. lang.

For More Visit :- Java 

  • 1 accepted solution
  • 5129 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!