Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ip http server option

Hi, I know many don't use the "ip http server" option but I do via the SDM. I was wondering can I just turn on https with "ip http secure-server" then turn off the http access?

What sort of rule would allow me to get on this from the internet address? I can get onto it via the VPN but not via the public IP, although I can using telnet.

7 REPLIES
Hall of Fame Super Bronze

Re: ip http server option

You need to have http-server enabled to have secure-server.

You can create an ACL and apply it to the ip http server to allow only certain IPs.

Re: ip http server option

Sorry Edison, but the documentation seems to say differently:

"When enabling the secure HTTP server you should always disable the standard HTTP server to prevent insecure connections to the same services. Disable the standard HTTP server using the no ip http server command in global configuration mode (this is a precautionary step; typically, the HTTP server is disabled by default)."

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_02h.htm#wp1030706

Kevin Dorrell

Luxembourg

Hall of Fame Super Bronze

Re: ip http server option

stand corrected, thanks Kevin.

New Member

Re: ip http server option

Hi, I want to add that https rule so just pc can access it. Do you have an example I could use?

Hall of Fame Super Bronze

Re: ip http server option

On this example, your PC is using IP address 192.168.1.20

ip http access-class 20

ip http secure-server

!

!

access-list 20 permit 192.168.1.20

!

Keep in mind, in order to turn on http secure-server, you need to run a k9 feature set. You can verify that you have a k9 feature set by typing show version and look for this line

"This product contains cryptographic features"

New Member

Re: ip http server option

As a Cisco novice, is it very common that most Cisco guys don't use the web feature? I suppose I could just turn it on when I want to.

Hall of Fame Super Bronze

Re: ip http server option

Very rare I see people using the web service, if you know your way around the command-line interface, http/s server is often disabled.

200
Views
0
Helpful
7
Replies