It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-8)

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

Network Access Client

Web Security Gateway

CloudGen Access

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Firewall Policy Manager

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

NextGen Firewall X

Reference / FAQ

TechSummit 2019

Network Security

Barracuda NextGen Firewall X

Overview Documentation Materials

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

Network Access Client

Web Security Gateway

CloudGen Access

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Firewall Policy Manager

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

NextGen Firewall X

Reference / FAQ

TechSummit 2019

Network Security

Login Sign Up Contact & Support

United States – English (GMT-8)

Back to Knowledgebase

How to bypass proxy authentication for Java applications

Type: Knowledgebase
Date changed: one year ago

Solution #00005329

Scope:

This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x

Symptoms:

Java applications may malfunction if the http proxy service requires authentication, especially with MS-CHAP authentication as Java does not support it.

Solution:

Depending on the installed java version or the code of the application, the java engine is sometimes unable to handle the HTTP-code 407 "Authentication Required" correctly. The resulting failed authentication causes the http service to block the request.

Exempt the java queries from authentication. Create an ACL Entry of the type "browser", with the entries for java, and combine it with an allow "Action" prior to the used authentication "Action".

Attention: If URL-Filter is used and configured for filtering upon groups or users keep in mind that the Java-Applications do not have any authentication information any more. So they will match most time in default-999999 group which blocks all requests.

Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - and get blocked.

To allow them create in the 999999 configuration a whiltelist with the sites you want to bypass.

Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - this time the site is whitelisted in 999999 configuration and therefore the communication is allowed..

Link to This Page:

https://campus.barracuda.com/solution/50160000000IKbyAAG

Additional Resources

More

Print Share Page