In message <9607018389.AA838914258@ccmailgw.biss.co.uk>, "Steve Betts" writes:
>I understand how a firewall might be configured to block Java or ActiveX
>executable files, by looking at the file extension. How does a firewall
>understand what is JavaScript or VBScript when that code is simply part
>of a comment in an HTML document? Does it now have to be an HTML
>interpreter as well?
Yes, it has to parse the HTML as well. JavaScript and VBScript aren't merely
inside comments, they also have a <script> tag that tells the client what
language they're written in.
If the server parses the HTML and applies rules to it before handing it to the
client, it can actually remove the <applet>, <object>, and <script> tags as
well as things like JavaScript's event handlers. It certainly does introduce
a performance hit, but if the server can cache these preprocessed files it
may speed things up a bit.
- James
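
The filtering step described in the reply above, as an added example (not part of the original message): a sketch using Python's standard html.parser that drops <script>, <applet> and <object> elements and on* event-handler attributes. The names ActiveContentFilter and strip_active_content and the sample page are assumptions made up for illustration.

```python
from html import escape
from html.parser import HTMLParser

BLOCKED = {"script", "applet", "object"}  # the tags named in the message

class ActiveContentFilter(HTMLParser):
    """Re-emit HTML without blocked elements or on* event-handler attributes.
    Comments and processing instructions are dropped (default no-op handlers)."""
    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. as written
        self.out, self.removed, self.depth = [], [], 0

    def _start(self, tag, attrs, selfclosing):
        if tag in BLOCKED:
            # Browsers ignore "/>" on these tags, so always treat them as open
            # and drop everything up to the matching close tag (fail closed).
            self.removed.append(f"<{tag}>")
            self.depth += 1
            return
        if self.depth:
            return  # e.g. <param> inside a dropped <applet>
        kept = []
        for name, value in attrs:  # parser lowercases names, unescapes values
            if name.startswith("on"):  # onload, onclick, onmouseover, ...
                self.removed.append(f"{tag}@{name}")
            else:
                kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs): self._start(tag, attrs, False)
    def handle_startendtag(self, tag, attrs): self._start(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in BLOCKED:
            self.depth = max(0, self.depth - 1)
        elif not self.depth:
            self.out.append(f"</{tag}>")

    def _text(self, s):
        if not self.depth:
            self.out.append(s)

    def handle_data(self, data): self._text(data)
    def handle_entityref(self, name): self._text(f"&{name};")
    def handle_charref(self, name): self._text(f"&#{name};")
    def handle_decl(self, decl): self._text(f"<!{decl}>")

def strip_active_content(html):
    """Return (filtered_html, list_of_removed_items) for one document."""
    f = ActiveContentFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.removed

# Constructed sample page, not taken from the thread.
SAMPLE = ('<html><body onload="init()"><h1>News &amp; notes</h1>'
          '<script language="JavaScript"><!--\ndocument.write("<b>hi</b>")\n// --></script>'
          '<applet code="Ticker.class" width="100"><param name="x" value="1"></applet>'
          '<a href="index.html" onmouseover="status=\'x\'">home</a></body></html>')
```

A filter of this kind only holds if it tokenizes the page the same way the client does, which is why it drops comments and anything left unclosed rather than passing them through.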