Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Getting blocked by Palo Alto Firewalls

Heads up! Requests to url like get blocked by the Palo Alto Firewall threat detection as "RFC2397 Data URL Scheme Usage Detected". They categorize it as a Medium may want to sort this out with them.

CISO, Conde Nast

3 Community Answers


JW Player Support Agent  
0 rated :

Hi Craig,

JW7 uses the data: // URL scheme to embed our custom font into the player’s Javascript. Please escalate this to Palo Alto as a false positive. We have tried to reach out to them and they told us that only their paying customers can submit those. If you’d like to contact us directly about this issue feel free to e-mail support at jw player dot com.


JW Player Support Agent  
0 rated :

UPDATE: 5/10/16

We have put a potential fix in place with JW 7.4.1 that removes base64 encoded fonts from the player. If anyone is experiencing this issue, please test this new version out and provide feedback. It’s currently located on our staging channel. Please read our article here ( for information on how to set your players to different channels.

Alessandro Tinivelli

1 rated :

hi, i'm a net admin using PaloAltoNetworks firewall since 2011. I can understand that is frustrating when your software is blocked even when it behaves under RFC specs.

But if this RFC is (pontentially) used by malware we have no choice: me must tell our firewall to block. It's not a "false positive", it's a way to try avoiding cryptolockers and so on.
We find no fun in blocking your software ;) the cybercrime is getting every day more powerful and dangerous, so expect to deal with problems like this more often in the future.

This question has received the maximum number of answers.