PIX command - fixup http

elipschutz · ‎01-09-2003

Hi,

Is there any other purpose with the fixup http command besides this;

"Note If there is a no fixup protocol http command statement in the configuration, the filter url command does not work."

Thanks.

tvanginneken · ‎01-09-2003

Hi,

The no fixup protocol http command statement also disables the filter url command.

HTTP inspection performs several functions:

URL logging of GET messages

URL screening via N2H2 or Websense

Java and ActiveX filtering

----------------------------------------------------------

Filtering ActiveX Objects:

ActiveX controls, formerly known as OLE or OCX controls, are components you can insert in a web page or other application. These controls include custom forms, calendars, or any of the extensive third-party forms for gathering or displaying information. As a technology, ActiveX creates many potential problems for the network clients including causing workstations to fail, introducing network security problems, or being used to attack servers.

The syntax of the command for filtering ActiveX objects is as follows:

filter activex port local_ip mask foreign_ip mask

This command blocks the HTML

----------------------------------------

Filtering Java Applets

The filter java command filters out Java applets that return to the PIX Firewall from an outbound connection. The user still receives the HTML page, but the web page source for the applet is commented out so that the applet cannot execute. The syntax of the command for filtering ActiveX objects is as follows:

filter java port[-port] local_ip mask foreign_ip mask

Use 0 for the local_ip or foreign_ip IP addresses to mean all hosts.

Kind Regards,

Tom