Configuring java applet filtering, Configuration examples for java applet filtering – Cisco ASA 5505 User Manual

Page 801

Advertising
background image

39-5

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 39 Configuring Filtering Services

Configuring Java Applet Filtering

Guidelines and Limitations for Java Applet Filtering

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

Does not support IPv6.

Configuring Java Applet Filtering

To apply filtering to remove Java applets from HTTP traffic passing through the ASA, enter the
following command:

Configuration Examples for Java Applet Filtering

The following example specifies that Java applets are blocked on all outbound connections:

hostname(config)# filter java 80 0 0 0 0

This command specifies that the Java applet blocking applies to web traffic on port 80 from any local
host and for connections to any foreign host.

The following example blocks downloading of Java applets to a host on a protected network:

hostname(config)# filter java http 192.168.3.3 255.255.255.255 0 0

This command prevents host 192.168.3.3 from downloading Java applets.

Command

Purpose

filter java

port[-port] local_ip

local_mask foreign_ip foreign_mask

Example:

hostname# filter java 80 0 0 0 0

Removes Java applets in HTTP traffic passing through the ASA.

To use this command, replace port[-port] with the TCP port to which
filtering is applied. Typically, this is port 80, but other values are accepted.
The http or url literal can be used for port 80. You can specify a range of
ports by using a hyphen between the starting port number and the ending
port number.

The local IP address and mask identify one or more internal hosts that are
the source of the traffic to be filtered. The foreign address and mask specify
the external destination of the traffic to be filtered.

You can set either address to 0.0.0.0 (or in shortened form, 0) to specify all
hosts. You can use 0.0.0.0 for either mask (or in shortened form, 0) to
specify all hosts.

You can set either address to 0.0.0.0 (or in shortened form, 0) to specify all
hosts. You can use 0.0.0.0 for either mask (or in shortened form, 0) to
specify all hosts.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals