We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

How to bypass proxy authentication for Java applications

  • Type: Knowledgebase
  • Date changed: 5 months ago
Solution #00005329 

 
Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x

 
Symptoms:
Java applications may malfunction if the http proxy service requires authentication, especially with MS-CHAP authentication as Java does not support it.

 
Solution:
Depending on the installed java version or the code of the application, the java engine is sometimes unable to handle the HTTP-code 407 "Authentication Required" correctly. The resulting failed authentication causes the http service to block the request.

 

Exempt the java queries from authentication. Create an ACL Entry of the type "browser", with the entries for java, and combine it with an allow "Action" prior to the used authentication "Action".

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 




Attention: If URL-Filter is used and configured for filtering upon groups or users keep in mind that the Java-Applications do not have any authentication information any more. So they will match most time in default-999999 group which blocks all requests.





























Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - and get blocked.


To allow them create in the 999999 configuration a whiltelist with the sites you want to bypass.




 









































Big green square: the pagerequest, browser authenticates with MS-CHAP, therefore URL-Filter-configuration 1000 matches (small orange squares).
Big red square: Java-Applet tries, has no authentication and therefore URL-Filter-configuration 999999 matches (small blue squares) - this time the site is whitelisted in 999999 configuration and therefore the communication is allowed..



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKbyAAG