https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172020#M606847 <HTML><HEAD></HEAD><BODY><P>I saw that, but I can't translate that into what I want to do. Maybe I'm missing something.</P><P>What I want to do is to deny Java applets from all foreign hosts except fro those I define as friendly. Using CBAC, I'd set up a java access list along these lines:</P><P>access-list XX permit 12.0.3.0 0.0.0.255</P><P>access-list XX deny any </P><P>Which would allow Java applets from 12.0.3.0/24 but deny them from everyone else.</P><P>If I could use the filter java command to filter all java *except* certain stuff, that'd be perfect.</P></BODY></HTML> Wed, 16 Apr 2003 22:44:55 GMT bhockenhull 2003-04-16T22:44:55Z https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172018#M606843 <P>I'm trying to implement Java applet blocking on my PIX, and I'm looking for a way to be more selective about how i do it.</P><P></P><P>According to the documentation, I can permit certain internal addresses to get Java applets from the outside, but it doesn't seem that I can permit all internal addresses to get Java applets only from certain external addresses.</P><P></P><P>I can do this (but would prefer not to) at my border router with CBAC using access lists, but the same functionality doesn't seem to be present in the PIX.</P> Fri, 21 Feb 2020 06:41:45 GMT https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172018#M606843 bhockenhull 2020-02-21T06:41:45Z https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172019#M606845 <HTML><HEAD></HEAD><BODY><P>HI.</P><P></P><P>Did you read this:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1039734" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1039734</A></P><P></P><P>According to the above document, you can specify either internal and/or external addresses in the "filter java" command. Did you try it?</P><P></P><P>What is your pix OS version?</P><P>What is the exact command that you try?</P><P></P><P>Yizhar</P><P></P></BODY></HTML> Wed, 16 Apr 2003 22:24:12 GMT https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172019#M606845 yizhar 2003-04-16T22:24:12Z https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172020#M606847 <HTML><HEAD></HEAD><BODY><P>I saw that, but I can't translate that into what I want to do. Maybe I'm missing something.</P><P>What I want to do is to deny Java applets from all foreign hosts except fro those I define as friendly. Using CBAC, I'd set up a java access list along these lines:</P><P>access-list XX permit 12.0.3.0 0.0.0.255</P><P>access-list XX deny any </P><P>Which would allow Java applets from 12.0.3.0/24 but deny them from everyone else.</P><P>If I could use the filter java command to filter all java *except* certain stuff, that'd be perfect.</P></BODY></HTML> Wed, 16 Apr 2003 22:44:55 GMT https://community.cisco.com/t5/network-security/selective-java-applet-blocking-by-external-address-with-pix/m-p/172020#M606847 bhockenhull 2003-04-16T22:44:55Z