[Java Filter Home Page] [SIP Home Page]
2. Advanced Control
3. Matching URLs
4. Manually Changing the Database
5. Protecting Your Intranet
When you first come across an applet that you haven't visited before, the following dialog will pop up:
It displays the URL the applet is about to be loaded from, and asks you to answer two questions:
Note that during a browser session, you will usually not be asked again for a specific applet. If you choose to make the settings permanent, then the applet in question will always be allowed on your system (or be denied entrance - depending on what you chose). See below for how you can manually override these settings.
You can have more advanced control over which applets should be allowed into your system, and which applets should be blocked. When you click on the "Advanced" tab bar, the dialog changes:
The upper half of the dialog lets you answer the same questions that you saw in the easy version. Again, you can decide whether the applet from the shown URL should be downloaded or not, and whether you would like to make these changes permanent:
Notice that the field displaying the URL is editable. You can change this URL to whatever you like. In the future, the browser will check against this URL to decide whether or not to download applets. If it finds an applet that matches this URL, then it will see whether or not you wanted the applet to be executed.
The lower half of the dialog shows you the URLs known so far to the system, and what decisions you made about them:
Whenever your browser comes across a Java applet, it will check to see whether any of the URLs in its database match the URL of the applet in question. Doing so, it will search the database from top to bottom. As soon as it finds a match, it will apply whatever rule was specified for that URL. If you want the new URL to be considered early in this process, you can move it up in the database (and back down again, if you wish).
What does it mean for a given applet to match a certain URL? If the URL covers the actual location of the applet in question, then this is considered a match, for example:
So, in the picture above, all applets from www.javasoft.com are denied access, except an applet called "WordMatch". You can edit the URL field in order to preclude/allow a whole set of applets with just one dialog by removing directory names from the end of the URL. If you changed, for example, the displayed URL http://www.earthweb.com/java/Thingy to http://www.earthweb.com/ then that would in the future deny (or allow, if you wish) all applets from that site.
What if you find that your browser keeps denying an applet that you would wish to see or allows applets in that you suspect are harmful to your system? This is because at some point in the past you have told the browser to do so plus you decided to make these settings permanent. The database is stored in human readable form in a file and can easily be modified by you. The file is called _urlfilter.dat and is in the current user's "personal files" folder. Under Windows 95, this is the "My Documents" folder accessible from your desktop. Under Windows NT, this is a folder called "profiles\<username>\personal" in the Windows NT directory. If you can't find it, search for the file _urlfilter.dat from the Start menu.
You can open this file in your favorite text editor and manually change the contents of the database. The file corresponding to the above picture would look something like this:
+http://www.javasoft.com:80/applets/WordMatch/ -http://www.javasoft.com/ +http://www.packet.com/java/hotwired/ -http://www.earthweb.com/java/Thingy/ -http://www.cruzio.com/~sabweb/arcade/
As you can see, the URLs of the database are listed in their order of priority. A '+'-signs denotes acceptance of applets matching that URL, a '-'-sign denotes denial. You can go ahead and change lines, delete lines, or add lines to the file. Please observe the following rules, though:
So, in the example above, if we wanted to lift the ban on applets from JavaSoft, we would delete the second line in the file, and save it. Note that your browser must not run while you edit the file. Otherwise it will override your changes.
Often, it is desirable not to let applets from outside the firewall into your intranet, but keep full Java functionality for applets of your own organization. Firewalls can not give full protection against applets from the outside. But it is very easy to use the Java Filter to achieve the same goal. Assume your company's server is at www.mycompany.com, then if the file _urlfilter.dat contains the following two lines:
+http://www.mycompany.com/ -http:// -ftp:// -https://
your browser will deny access for any applet, even if they come over an FTP or SSL connection, except from your company's server.
[Back to Top] [Java Filter Home Page] [SIP Home Page]