Background
I made a post a few weeks ago on a way to manually defeat Java Application Blocked issues when trying to connect to various iKVM interfaces. Today I re-installed Windows 10 and lost my old exceptions.list file which had gotten pretty big.
I read Terry Kennedy's comment that the actual list is found in exception.sites here. From that post the plain text file with one line per allowed IP + http or https combo can be found in a Windows directory.
As a result, I made a little Python loop to just iterate through IP addresses. Nothing fancy.
I added lines for http and https and then just do /24's (1-254) in each IP range. You can add more or remote lines and change IP ranges as you see fit. You can also loop more than just the last digit following a similar structure. I did leave 255 out since it is usually a broadcast IP.
How you can do the same
Step 1 - make a little python file. I call mine byejava.py and this is the contents (I removed a bunch of IP ranges but here is the idea):
Step 2 - I then, from the command line, run the python script and create my new list
I can then move the output exception.sites file and replace the existing exception.sites file here:
Step 3 - stop adding IPs 1 by 1
No more Java Application Blocked issues on internal management interfaces. Of course, this does create a big security hole since it effectively disables this security feature on private networks. Still, it saves a TON of time, especially if you are adding new gear and maintaining exception lists across PCs. I have 6 commonly used /24's that get DHCP addresses for IPMI devices. I tried http://10.0.1.* but that did not work so this is an easy way to open up entire address ranges.
I made a post a few weeks ago on a way to manually defeat Java Application Blocked issues when trying to connect to various iKVM interfaces. Today I re-installed Windows 10 and lost my old exceptions.list file which had gotten pretty big.
I read Terry Kennedy's comment that the actual list is found in exception.sites here. From that post the plain text file with one line per allowed IP + http or https combo can be found in a Windows directory.
As a result, I made a little Python loop to just iterate through IP addresses. Nothing fancy.
I added lines for http and https and then just do /24's (1-254) in each IP range. You can add more or remote lines and change IP ranges as you see fit. You can also loop more than just the last digit following a similar structure. I did leave 255 out since it is usually a broadcast IP.
How you can do the same
Step 1 - make a little python file. I call mine byejava.py and this is the contents (I removed a bunch of IP ranges but here is the idea):
Code:
for x in range (1,254):
print ("http://192.168.1." + str(x))
print ("https://192.168.1." + str(x))
print ("http://10.0.1." + str(x))
print ("https://10.0.1." + str(x))
Code:
py byejava.py > exception.sites
Code:
\Users\username\AppData\LocalLow\Sun\Java\Deployment\security
Step 3 - stop adding IPs 1 by 1
No more Java Application Blocked issues on internal management interfaces. Of course, this does create a big security hole since it effectively disables this security feature on private networks. Still, it saves a TON of time, especially if you are adding new gear and maintaining exception lists across PCs. I have 6 commonly used /24's that get DHCP addresses for IPMI devices. I tried http://10.0.1.* but that did not work so this is an easy way to open up entire address ranges.