39-5
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter39 Configuring Filtering Services
Configuring Java Applet Filtering
Guidelines and Limitations for Java Applet Filtering
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Does not support IPv6.
Configuring Java Applet Filtering
To apply filtering to remove Java applets from HTTP traffic passing through the ASA, enter the
following command:
Configuration Examples for Java Applet Filtering
The following example specifies that Java applets are blocked on all outbound connections:
hostname(config)# filter java 80 0 0 0 0
This command specifies that the Java applet blocking applies to web traffic on port 80 from any local
host and for connections to any foreign host.
The following example blocks downloading of Java applets to a host on a protected network:
hostname(config)# filter java http 192.168.3.3 255.255.255.255 0 0
This command prevents host 192.168.3.3 from downloading Java applets.
Command Purpose
filter java port[-port] local_ip
local_mask foreign_ip foreign_mask
Example:
hostname# filter java 80 0 0 0 0
Removes Java applets in HTTP traffic passing through the ASA.
To use this command, replace port[-port] with the TCP port to which
filtering is applied. Typically, this is port 80, but other values are accepted.
The http or url literal can be used for port 80. You can specify a range of
ports by using a hyphen between the starting port number and the ending
port number.
The local IP address and mask identify one or more internal hosts that are
the source of the traffic to be filtered. The foreign address and mask specify
the external destination of the traffic to be filtered.
You can set either address to 0.0.0.0 (or in shortened form, 0) to specify all
hosts. You can use 0.0.0.0 for either mask (or in shortened form, 0) to
specify all hosts.
You can set either address to 0.0.0.0 (or in shortened form, 0) to specify all
hosts. You can use 0.0.0.0 for either mask (or in shortened form, 0) to
specify all hosts.