Firewall Wizards mailing list archives
Re: Java Sockets and Firewalls
From: Steve Kann <stevek () SteveK COM>
Date: Tue, 2 Jun 1998 15:24:18 -0400
On Mon, May 11, 1998 at 12:32:43PM +0100, Justin Mason wrote:
(accidentally lost the attribution for this first paragraph):* If a java applet is retrieved through a proxy server, does the browser consider it downloaded from the proxy or the actual server? Are there any problems given the network security sandbox and issues such as proxy servers or routers which perform network address translation?The browser considers it downloaded from the actual server. This means that the applet will only be able to connect to the same server hostname (note: stringwise comparison, so connecting to "realname.iona.com" will not be allowed if the applet was downloaded from "www.iona.com"). This raises an issue: if there are proxy servers the applet will not be able to connect via them, unless they are transparent (a la NAT) or the applet is signed (in which case it can connect to any host). This is why so many java applets use HTTP, and the built-in HTTP support classes java.net.URL and java.net.URLConnection, to communicate with their servers; the built-in classes can generally use the browser's HTTP layer and will therefore use the appropriate HTTP proxies.
Sorry to hash up such an old thread, but I've been seeing some issues, and I think it's time to see if others share my experiences. I'm developing a chat-based system which I hope will be able to traverse most "typical" corporate firewalls. In it's most "firewall-friendly" mode, the applet uses UrlConnection(s) to talk to a cgi on the originating server. I've tested this through our own proxy server, both in a transparent environment (the browser is not configured to use a proxy, but the proxy intercepts the HTTP requests), and in a specifically configured more, and it seems to work just as expected. I've gotten a couple of reports, (and have seen in my logs) instances where the UrlConnection is failing. This occurred with IE4 and Netscape 4 on Win32 platforms. It is not that their proxy is stripping or blocking Java applets, because the applet does load, and does give an error message. I'd appreciate it if anyone has any advice for me, or if those of you working on, or behind various types of firewalls could give my applet a go, and let me know what happens.. You can get to it via http://demo.horizonlive.com/ or, perhaps quicker via http://demo.horizonlive.com/dls/launcher.cgi (saves you one click). It should work on Win32:(ie3.02+, ns3.0+), Unix(ns3.0+), Mac(ns3.0+), through firewalls that allow java and javascript. Thanks! -SteveK -- Steve Kann - Horizon Live Distance Learning - 841 Broadway, Suite 502 Personal:stevek () SteveK COM Business:stevek () HorizonLive com (212) 533-1775 I don't want your product or service, and I don't want to make money fast, so please don't send me your junk mail telling me about any of it.
Current thread:
- Re: Java Sockets and Firewalls Steve Kann (Jun 02)
- Re: Java Sockets and Firewalls Bernhard Schneck (Jun 03)