09-28-2004 11:27 PM - edited 02-20-2020 11:39 PM
Hi
What exactly the following commands on PIX do?
1. filter java port local_ip mask foreign_ip mask
2. filter activex port local_ip mask foreign_ip mask
What are the benefits of blocking Java & ActiveX on the WebPages? Do they help in reducing the threat of malicious codes hidden in the ActiveX and Java applets? After configuring this on PIX how do I verify that the filtering is in effect?
Thanks in advance for any reply.
Regards // Anoop
09-29-2004 08:36 AM
filter java
The filter java command filters out Java applets that return to the PIX Firewall from an outbound connection. The user still receives the HTML page, but the web page source for the applet is commented out so that the applet cannot execute. Use 0 for the local_ip or foreign_ip IP addresses to mean all hosts.
Note If Java applets are known to be in
To specify that all outbound connections have Java applet blocking, use the following command:
filter java 80 0 0 0 0
This command specifies that the Java applet blocking applies to Web traffic on port 80 from any local host and for connections to any foreign host.
The following example specifies that Java applet blocking applies to web traffic on port 80 from local subnet
10.10.10.0 and for connections to any foreign host:
filter java http 10.10.10.0 255.255.255.0 0 0
=============================================================================
filter activex
The filter activex command filters out ActiveX, Java applets, and other HTML
As a technology, it creates many potential problems for the network clients including causing workstations to fail, introducing network security problems, or be used to attack servers.
This feature blocks the HTML
Note The
ActiveX blocking does not occur when users access an IP address referenced by the alias command.
To specify that all outbound connections have ActiveX blocking, use the following command:
filter activex 80 0 0 0 0
This command specifies that the ActiveX blocking applies to Web traffic on port 80 from any local host and for connections to any foreign host.
Show filter ?
Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filters
See command reference for version 6.3:
sincerely
Patrick
10-01-2004 03:04 AM
Hi Patrick
Thanks a lot for the information. After configuring the PIX for Java & ActiveX filtering as mentioned by you, Is there any way to verify that these are filtered out or not from the HTML web pages?
Thanking you once again.
Regards // Anoop
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide