I have developed and made available modifications to the TIS Firewall
Toolkit http-gw proxy, which allow an installation to set up policies to
screen either or both of Java and JavaScript, with the ability to select by
IP address of the client which protection level you desire.
It is applied as a patch against the 1.4 version of http-gw (latest on TIS
ftp site ftp.tis.com).
See http://www.hdshq.com/fixes/fwtk/welcome.html for details and
downloadable patches, man pages and documentation.
It can be installed in front of a caching server, BTW, so that the caching
server holds screened HTML for internal users, or it can act as the sole
proxy. For those not familiar with the TIS toolkit, it supports both proxy
aware and proxy unaware clients.
This allows internal use of JavaScript and/or Java, without the forced
march of all users to the new version of the week every time a new security
exposure is revealed.
Enjoy. I will be vacationing for two weeks, so please understand if I dont
respond to any email in the interim.
Carl V Claunch
Hitachi Data Systems
|
|
