[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: [NTSEC] ActiveX, MSIE and Quicken
From:       "William M. Perry" <wmperry () aventail ! com>
Date:       1997-02-09 16:51:17
[Download RAW message or body]

>Presumably, one answer is for the firewall companies to write additional
>application layer filters for port 80, looking for ActiveX or Java
>downloads.  This would make configuration of the firewall a bit more
>complex.  Don't know if any of 'em are considering this yet.  Anyone have
>any scoop on this?

  You can do this with the aventail socks server right now, with the HTTP
filter, you can specify a second-layer of filtering based on the
content-type of the document being retrieved.  For text/html, you can
specify tags and attributes that should be removed from the source.  Its
trivial to have this remove scripting and object embedding stuff.

  I plan on writing a plugin to filter Java/Active-X that will check
signatures, etc.  Just have to find the time.

  You can get more info on the http filter and/or aventail's products at
http://www.aventail.com/, or email me directly, as I wrote the filter.

-Bill P.

[prev in list] [next in list] [prev in thread] [next in thread]