10-13-2007 07:13 AM - edited 03-03-2019 07:09 PM
Hi, I know many don't use the "ip http server" option but I do via the SDM. I was wondering can I just turn on https with "ip http secure-server" then turn off the http access?
What sort of rule would allow me to get on this from the internet address? I can get onto it via the VPN but not via the public IP, although I can using telnet.
10-13-2007 04:59 PM
You need to have http-server enabled to have secure-server.
You can create an ACL and apply it to the ip http server to allow only certain IPs.
10-13-2007 05:30 PM
Sorry Edison, but the documentation seems to say differently:
"When enabling the secure HTTP server you should always disable the standard HTTP server to prevent insecure connections to the same services. Disable the standard HTTP server using the no ip http server command in global configuration mode (this is a precautionary step; typically, the HTTP server is disabled by default)."
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_02h.htm#wp1030706
Kevin Dorrell
Luxembourg
10-13-2007 07:20 PM
stand corrected, thanks Kevin.
10-13-2007 09:44 PM
Hi, I want to add that https rule so just pc can access it. Do you have an example I could use?
10-14-2007 06:55 AM
On this example, your PC is using IP address 192.168.1.20
ip http access-class 20
ip http secure-server
!
!
access-list 20 permit 192.168.1.20
!
Keep in mind, in order to turn on http secure-server, you need to run a k9 feature set. You can verify that you have a k9 feature set by typing show version and look for this line
"This product contains cryptographic features"
10-14-2007 07:20 AM
As a Cisco novice, is it very common that most Cisco guys don't use the web feature? I suppose I could just turn it on when I want to.
10-14-2007 08:52 AM
Very rare I see people using the web service, if you know your way around the command-line interface, http/s server is often disabled.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide