Protection from Malicious Java Applets
With the rapid increase of Java applets on the Internet, protecting networks from malicious Java applets has become a major concern for every network administrator. Java blocking can be configured to intelligently filter or completely deny access to Java applets that are not embedded in archives or compressed files. If Java applets are embedded in archives or compressed files, they are not inspected by CBAC. When Java blocking is enabled on an interface, the firewall monitors contents of HTTP packets from HTTP servers, and when a Java applet is identified in the connection, the firewall immediately resets the connection to block that Java applet, preventing it from crossing the firewall.
While configuring CBAC, as soon as you turn on HTTP inspection (as shown in the commands that follow), it blocks the Java applet by default.