Whitelist Java Traffic

Not applicable

Good morning,

I am relatively new to the PAs, but was wondering if there was a way to have a list of URLs & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific Java versions, say if we have an older version of Java that is required for a specific app for a specific site (or if it's only internal and I want to block that specific older version for everyone)?

Thanks for your help.

Kevin

Accepted Solutions
L4 Transporter

You can do that with the custom URL categories and data/file blocking profiles.

The only problem is the Java spec is written so that JAR files may look like ZIP files.


All Replies
Not applicable

Thanks. So I create a custom URL Category called Allow_Java and then I create a Data Block rule for blocking .JAR files. How do I bypass the Data Block rule just for Allow_Java sites?

Thank you.

L4 Transporter

It would be two rules. One rule to allow Java on the Allow_Java category and then a second rule to block the JAR files from everywhere else (but you might still have that ZIP file problem).

After reading about the attack (Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:...) you might want to look at the Drive-By Download feature. And make sure you're updated to Content Release 349.

Message was edited by: Matthew Harding
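
The ZIP file problem raised in the replies above, shown as an added example that is not part of the original thread: a JAR is a ZIP container, so a signature-only check cannot separate the two, and the manifest that usually marks a JAR is optional. The function names and sample archives are constructed for illustration, and the content check is a heuristic, not a description of how PAN-OS identifies file types.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature, identical for ZIP and JAR

def build_archive(entries):
    """Build an in-memory ZIP archive from {name: data} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def classify_by_magic(data):
    """Signature-only check: a JAR and a plain ZIP get the same answer."""
    return "zip-container" if data.startswith(ZIP_MAGIC) else "other"

def classify_by_contents(data):
    """Heuristic: look at entry names for JAR markers. Returns 'jar', 'zip' or 'other'."""
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "other"  # right magic bytes, but no valid central directory
    has_manifest = any(n.upper() == "META-INF/MANIFEST.MF" for n in names)
    has_classes = any(n.endswith(".class") for n in names)
    # The manifest is optional in a JAR, so compiled classes are checked as well.
    return "jar" if has_manifest or has_classes else "zip"

# Constructed samples: a plain ZIP, a normal JAR, and a JAR shipped without a manifest.
CLASS_STUB = b"\xca\xfe\xba\xbe"  # Java class-file magic only, not a loadable class
PLAIN_ZIP = build_archive({"report.txt": "quarterly numbers"})
JAR = build_archive({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n",
                     "app/Main.class": CLASS_STUB})
JAR_NO_MANIFEST = build_archive({"app/Main.class": CLASS_STUB})

if __name__ == "__main__":
    samples = {"plain.zip": PLAIN_ZIP, "app.jar": JAR, "bare.jar": JAR_NO_MANIFEST}
    for label, blob in samples.items():
        print(label, classify_by_magic(blob), classify_by_contents(blob))
```

A block rule keyed only on the container signature would also catch ordinary ZIP downloads, which is the side effect the replies warn about.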

Not applicable

Thanks, I will look into that as well. For our long-term Java strategy, part of it is going to be only allowing Java to known sites we need to interact with, so the blocking is helpful too.

So, sorry to need continued direction, but I have created a File Block for JAR files & a Custom URL Category for allowed sites. I then create a rule allowing traffic to the allowed sites over HTTP & HTTPS, then I create a second rule for everything and link the File Block to it - is that correct?

Thanks.

Kevin

L4 Transporter

Correct, but make sure your allow rule is above your blocked rule.

So it would kind of look like:

Allowed Java Traffic over HTTP/HTTPS

Blocked Java Traffic over HTTP/HTTPS

And if you aren't using SSL Decryption, the file blocking might not work on the HTTPS traffic.
