Wednesday, September 8, 2010

Filtering JSP and Flash (SWF) with the Vordel Gateway

As well as filtering API and SOA traffic, the Vordel Gateway can also filter more traditional Web traffic such as JSP (Java Server Pages), images (e.g. JPGs) and Flash files (SWFs) such as those used by Adobe Flex. To illustrate this, in the screenshot below I am accessing a JSP through an SSL interface being provided by the Vordel Gateway. The JSP serves out an Adobe Flex apps as a Flash (SWF) object, and also a JPEG image. The Vordel Gateway is layering on SSL in front of a back-end JSP which is being served out over HTTP.

Now, if I try to put a Cross-Site Scripting attack into the JSP invocation, the Vordel Gateway detects and blocks this, and all I see is the 403 "Access Denied" message:

Over on the Vordel Gateway's Real-Time Monitoring, I can see clearly that the JSP request was blocked because of the detection of harmful content in the request. I can also make use of Real-Time Monitoring to see the response times my JSP pages are providing, as well as any alerts being raised by the Vordel Gateway.

For more info about the management of Adobe Flex and JSP pages, contact Vordel at