We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information

Accept

It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

NextGen Firewall X

Network Access Client

Web Security Gateway

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

Reference / FAQ

TechSummit 2019

Barracuda NextGen Firewall X

Overview Documentation Materials

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

NextGen Firewall X

Network Access Client

Web Security Gateway

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

Reference / FAQ

TechSummit 2019

Login Sign Up Contact & Support

United States – English (GMT-5)

Back to Knowledgebase

How to bypass proxy authentication for Java applications

Type: Knowledgebase
Date changed: 5 months ago

Solution #00005329

Scope:

This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x

Symptoms:

Java applications may malfunction if the http proxy service requires authentication, especially with MS-CHAP authentication as Java does not support it.

Solution:

Depending on the installed java version or the code of the application, the java engine is sometimes unable to handle the HTTP-code 407 "Authentication Required" correctly. The resulting failed authentication causes the http service to block the request.

Exempt the java queries from authentication. Create an ACL Entry of the type "browser", with the entries for java, and combine it with an allow "Action" prior to the used authentication "Action".

Attention: If URL-Filter is used and configured for filtering upon groups or users keep in mind that the Java-Applications do not have any authentication information any more. So they will match most time in default-999999 group which blocks all requests.

Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - and get blocked.

To allow them create in the 999999 configuration a whiltelist with the sites you want to bypass.

Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - this time the site is whitelisted in 999999 configuration and therefore the communication is allowed..

Link to This Page:

https://campus.barracuda.com/solution/50160000000IKbyAAG