Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
7
Replies

ip http server option

whiteford
Level 1
Level 1

‎10-13-2007 07:13 AM - edited ‎03-03-2019 07:09 PM

Hi, I know many don't use the "ip http server" option but I do via the SDM. I was wondering can I just turn on https with "ip http secure-server" then turn off the http access?

What sort of rule would allow me to get on this from the internet address? I can get onto it via the VPN but not via the public IP, although I can using telnet.

Labels:
0 Helpful
7 Replies 7

Edison Ortiz
Hall of Fame
Hall of Fame

‎10-13-2007 04:59 PM

You need to have http-server enabled to have secure-server.

You can create an ACL and apply it to the ip http server to allow only certain IPs.

0 Helpful

Kevin Dorrell
Level 10
Level 10
In response to Edison Ortiz

‎10-13-2007 05:30 PM

Sorry Edison, but the documentation seems to say differently:

"When enabling the secure HTTP server you should always disable the standard HTTP server to prevent insecure connections to the same services. Disable the standard HTTP server using the no ip http server command in global configuration mode (this is a precautionary step; typically, the HTTP server is disabled by default)."

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_02h.htm#wp1030706

Kevin Dorrell

Luxembourg

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to Kevin Dorrell

‎10-13-2007 07:20 PM

stand corrected, thanks Kevin.

0 Helpful

whiteford
Level 1
Level 1
In response to Edison Ortiz

‎10-13-2007 09:44 PM

Hi, I want to add that https rule so just pc can access it. Do you have an example I could use?

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to whiteford

‎10-14-2007 06:55 AM

On this example, your PC is using IP address 192.168.1.20

ip http access-class 20

ip http secure-server

!

!

access-list 20 permit 192.168.1.20

!

Keep in mind, in order to turn on http secure-server, you need to run a k9 feature set. You can verify that you have a k9 feature set by typing show version and look for this line

"This product contains cryptographic features"

0 Helpful

whiteford
Level 1
Level 1
In response to Edison Ortiz

‎10-14-2007 07:20 AM

As a Cisco novice, is it very common that most Cisco guys don't use the web feature? I suppose I could just turn it on when I want to.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to whiteford

‎10-14-2007 08:52 AM

Very rare I see people using the web service, if you know your way around the command-line interface, http/s server is often disabled.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card