RE: Cisco FW and HTTP Java applet

Fri, 30 Mar 2001 06:14:59 -0800 

This is IOS firewall? 

 ip inspect name (whatever) http java-list 51 

 access-list 51 permit any


Hope this helps and I found this info myself somewhere on Cisco.com 
Cory


-----Original Message-----
From: eto [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 30, 2001 7:51 AM
To: [EMAIL PROTECTED]
Subject: Cisco FW and HTTP Java applet


I get problem to Web Page with Java applet.
I does not show pop-up menu on the side (for example) but just only grey 
color (depending on the color of menu)

ckeck log at cisco router running 12.1.5


Mar 30 15:27:56.743: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from 
(195.18.19
1.20:80) to (10.24.3.30:2194).
Mar 30 15:27:56.747: %FW-6-SESS_AUDIT_TRAIL: http session initiator 
(10.24.3.30:21
94) sent 278 bytes -- responder (195.18.191.20:80) sent 0 bytes
Mar 30 15:27:56.755: %SEC-6-IPACCESSLOGP: list internet denied tcp 
195.18.191.20(8
0) (Serial1/0:1 *PPP*) -> x.x.x.x(2194), 1 packet
Mar 30 15:27:57.291: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from 
(195.18.19
1.20:80) to (10.24.3.30:2197).


It sounds Java applet is blocked by router
I don't have any ACL for Java

Look at cisco CBAC page

Java Inspection

With Java, you must protect against the risk of users inadvertently 
downloading destructive applets into your network. To protect against
this risk, you could require all users to disable Java in their browser. If 
this is not an agreeable solution, you can use CBAC to filter Java
applets at firewall, which allows users to download only applets residing 
within the firewall and trusted applets from outside the firewall.

Java inspection enables Java applet filtering at the firewall. Java applet 
filtering distinguishes between trusted and untrusted applets by
relying on a list of external sites that you designate as "friendly." If an 
applet is from a friendly site, the firewall allows the applet through. If
the applet is not from a friendly site, the applet will be blocked. 
Alternately, you could permit applets from all sites except for sites
specifically designated as "hostile."

How can I make Java applet filtering ?

Kim

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to