39-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter39 Configuring Filtering Services
Licensing Requirements for ActiveX Filtering
Guidelines and Limitations for ActiveX Filtering
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Does not support IPv6.
Configuring ActiveX Filtering
To remove ActiveX objects in HTTP traffic that is passing through the ASA, enter the following
command:
Configuration Examples for ActiveX Filtering
You can set either address to 0.0.0.0 (or in shortened form, 0) to specify all hosts. You can use 0.0.0.0
for either mask (or in shortened form, 0) to specify all masks. This command specifies that the ActiveX
object blocking applies to HTTP traffic on port 80 from any local host and for connections to any foreign
host.
The following example shows how to configure ActiveX filtering to block all outbound connections:
hostname(config)# filter activex 80 0 0 0 0
The following example shows how to remove ActiveX filtering:
hostname(config)# no filter activex 80 0 0 0 0
Command Purpose
filter activex port[-port] local_ip
local_mask foreign_ip foreign_mask
Example:
hostname# filter activex 80 0 0 0 0
Removes ActiveX objects. To use this command, replace port[-port] with
the TCP port to which filtering is applied. Typically, this is port 80, but
other values are accepted. The http or url literal can be used for port 80.
You can specify a range of ports by using a hyphen between the starting
port number and the ending port number. The local IP address and mask
identify one or more internal hosts that are the source of the traffic to be
filtered. The foreign address and mask specify the external destination of
the traffic to be filtered.