Introduction:

The FSS Administrative UI uses certain file extensions to operate. The security teams like to block the extensions that are not used by the FSSUI. This article discusses which file extensions are used by FSSUI to operate. 

Question:

What are the file extension that are used by the FSS Administration UI, so that we can make sure to allow only those extensions on our servers. We would like to block all the file extensions on the server except the ones that are used by FSS Administration UI for security reasons. 

Environment:

All the policy server environments.

Answer:

FSS UI uses java applet so it should have .jar as file extension. Also taking a Fiddler trace while launching the  FSS Administrative UI will load the following file types: 

• .exe 
• .html 
• .jar 
• .js 
• .jpg 
• .gif 
• .properties (got 404 on all these and the UI still works) 
• .class (got 404 on all these and the UI still works) 

Due to frequent cumulative releases and different versions, running a fiddler in the background while launching  the UI can confirm all the extensions being used.