39-2
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter39 Configuring Filtering Services
Configuring ActiveX Filtering
Configuring ActiveX Filtering
This section includes the following topics:
Information About ActiveX Filtering, page39-2
Licensing Requirements for ActiveX Filtering, page39-2
Guidelines and Limitations for ActiveX Filtering, page39-3
Configuring ActiveX Filtering, page39-3
Configuration Examples for ActiveX Filtering, page39-3
Feature History for ActiveX Filtering, page 39-4

Information About ActiveX Filtering

ActiveX objects may pose security risks because they can contain code intended to attack hosts and
servers on a protected network. You can disable ActiveX objects with ActiveX filtering.
ActiveX controls, formerly known as OLE or OCX controls, are components that you can insert in a web
page or another application. These controls include custom forms, calendars, or any of the extensive
third-party forms for gathering or displaying information. As a technology, ActiveX creates many
potential problems for network clients including causing workstations to fail, introducing network
security problems, or being used to attack servers.
The filter activex command blocks the HTML object commands by commenting them out within the
HTML web page. ActiveX filtering of HTML files is performed by selectively replacing the <APPLET>
and </APPLET>, and <OBJECT CLASSID> and </OBJECT> tags with comments. Filtering of nested
tags is supported by converting top-level tags to comments.
Caution The filter activex command also blocks any Java applets, image files, or multimedia objects that are
embedded in object tags.
If the <object> or </object> HTML tags split across network packets or if the code in the tags is longer
than the number of bytes in the MTU, the ASA cannot block the tag.
ActiveX blocking does not occur when users access an IP address referenced by the alias command or
for clientless SSL VPN traffic.
Licensing Requirements for ActiveX Filtering
The following table shows the licensing requirements for this feature:
Model License Requirement
All models Base License.