Information
Removes ActiveX controls from the HTTP reply traffic received on the security appliance.
Rationale:
ActiveX controls are used to provide a rich users' browsing experience. Because the ActiveX control is a written program that is executed in the users' computers, it can be used by attackers to perform malicious tasks on the machines of their victims.
Solution
Step 1: Acquire the TCP port used for the HTTP traffic containing ActiveX objects, the IP address <internal_users_ip> and mask <internal_users_mask> of internal users generating the HTTP traffic, and the IP address <external_servers_ip> and mask <external_servers_mask> of the external servers to which the internal users connect and that are source of ActiveX objects.
Step 2: Run the following command to filter ActiveX applets.
hostname(config)# filter activex <port> <internal_users_ip> <internal_users_mask> <external_servers_ip> <external_servers_mask>
Default Value:
ActiveX control filtering is disabled by default.