PIX command - fixup http
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2003 08:01 AM - edited 02-20-2020 10:28 PM
Hi,
Is there any other purpose with the fixup http command besides this;
"Note If there is a no fixup protocol http command statement in the configuration, the filter url command does not work."
Thanks.
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2003 04:27 PM
Hi,
The no fixup protocol http command statement also disables the filter url command.
HTTP inspection performs several functions:
URL logging of GET messages
URL screening via N2H2 or Websense
Java and ActiveX filtering
----------------------------------------------------------
Filtering ActiveX Objects:
ActiveX controls, formerly known as OLE or OCX controls, are components you can insert in a web page or other application. These controls include custom forms, calendars, or any of the extensive third-party forms for gathering or displaying information. As a technology, ActiveX creates many potential problems for the network clients including causing workstations to fail, introducing network security problems, or being used to attack servers.
The syntax of the command for filtering ActiveX objects is as follows:
filter activex port local_ip mask foreign_ip mask
This command blocks the HTML
----------------------------------------
Filtering Java Applets
The filter java command filters out Java applets that return to the PIX Firewall from an outbound connection. The user still receives the HTML page, but the web page source for the applet is commented out so that the applet cannot execute. The syntax of the command for filtering ActiveX objects is as follows:
filter java port[-port] local_ip mask foreign_ip mask
Use 0 for the local_ip or foreign_ip IP addresses to mean all hosts.
Kind Regards,
Tom
