Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
5
Helpful
1
Replies

PIX command - fixup http

elipschutz
Level 1
Level 1

‎01-09-2003 08:01 AM - edited ‎02-20-2020 10:28 PM

Hi,

Is there any other purpose with the fixup http command besides this;

"Note If there is a no fixup protocol http command statement in the configuration, the filter url command does not work."

Thanks.

0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎01-09-2003 04:27 PM

Hi,

The no fixup protocol http command statement also disables the filter url command.

HTTP inspection performs several functions:

URL logging of GET messages

URL screening via N2H2 or Websense

Java and ActiveX filtering

----------------------------------------------------------

Filtering ActiveX Objects:

ActiveX controls, formerly known as OLE or OCX controls, are components you can insert in a web page or other application. These controls include custom forms, calendars, or any of the extensive third-party forms for gathering or displaying information. As a technology, ActiveX creates many potential problems for the network clients including causing workstations to fail, introducing network security problems, or being used to attack servers.

The syntax of the command for filtering ActiveX objects is as follows:

filter activex port local_ip mask foreign_ip mask

This command blocks the HTML commands by commenting them out within the HTML web page. This functionality has been added to the filter command with the activex option.

----------------------------------------

Filtering Java Applets

The filter java command filters out Java applets that return to the PIX Firewall from an outbound connection. The user still receives the HTML page, but the web page source for the applet is commented out so that the applet cannot execute. The syntax of the command for filtering ActiveX objects is as follows:

filter java port[-port] local_ip mask foreign_ip mask

Use 0 for the local_ip or foreign_ip IP addresses to mean all hosts.

Kind Regards,

Tom

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card