Feedback
Table Of Contents
Selective Enabling of Applications Using an HTTP or HTTPS Server
Information About Selective Enabling of Applications Using an HTTP or HTTPS Server
Selective Enabling of Applications Within the HTTP and HTTPS Infrastructure
How to Enable Selected Applications Using an HTTP or HTTPS Server
Enabling Selected HTTP Applications
Enabling Selected HTTPS Applications
Configuration Examples for Selective Enabling of Applications Using an HTTP or HTTPS Server
Enabling Selected HTTP and HTTPS Applications: Example
Feature Information for Selective Enabling of Applications Using an HTTP or HTTPS Server
Selective Enabling of Applications Using an HTTP or HTTPS Server
The Selective Enabling of Applications Using an HTTP or HTTPS Server feature eliminates a potential security vulnerability by providing a facility to enable selected HTTP and HTTP over Secure Socket Layer (HTTPS) services on both the Cisco IOS HTTP and HTTPS server infrastructure. This feature also provides the capability to view the current state of the HTTP and HTTPS services, including which services are enabled or disabled.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Selective Enabling of Applications Using an HTTP or HTTPS Server" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Information About Selective Enabling of Applications Using an HTTP or HTTPS Server
•
•
Information About Selective Enabling of Applications Using an HTTP or HTTPS Server
To use the Selective Enabling of Applications Using an HTTP or HTTPS Server feature, you should understand the following concept:
•
Selective Enabling of Applications Within the HTTP and HTTPS Infrastructure
The Selective Enabling of Applications Using an HTTP or HTTPS Server feature eliminates a potential security vulnerability by providing a facility to enable selected HTTP and HTTPS services on both the Cisco IOS HTTP and HTTPS server infrastructure. This feature also provides the capability to view the current state of the HTTP and HTTPS services, including which services are enabled or disabled.
Prior to this feature, HTTP or HTTPS applications running on a router or a switch, were either all enabled or all disabled when the HTTP server or HTTPS server was enabled or disabled, respectively (using the ip http server and ip http secure-server commands). In the situation where all HTTP or HTTPS applications were enabled, remote end-users were given potential access to services that could allow them to pose a potential security threat to service providers.
With this new feature, the Cisco IOS HTTP and HTTPS infrastructure provides a way to enable only selected HTTP and HTTPS applications to run on a router or a switch, thereby bypassing a potential security vulnerability. Selected HTTP and HTTPS applications can be enabled using the new ip http active-session-modules and ip http secure-active-session-modules configuration commands, respectively.
Note
How to Enable Selected Applications Using an HTTP or HTTPS Server
This section contains the following procedures:
•
•
Enabling Selected HTTP Applications
Perform this task to selectively enable the HTTP applications that will service incoming HTTP requests from remote clients.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Enabling Selected HTTPS Applications
Perform this task to selectively enable the HTTPS applications that will service incoming HTTPS requests from remote clients.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Configuration Examples for Selective Enabling of Applications Using an HTTP or HTTPS Server
This section provides the following configuration example:
•
Enabling Selected HTTP and HTTPS Applications: Example
The following configuration sample shows a configuration with different set of services available for HTTP and HTTPS requests. In this example, all HTTP applications are enabled for providing services to remote clients, but for HTTPS services, only the HTTPS applications defined in list1 (Simple Certificate Enrollment Protocol [SCEP] and HOME_PAGE) are enabled.
ip http session-module-list list1 SCEP,HOME_PAGEip http active-session-modules allip http serverip http secure-serverip http secure-active-session-modules list1Additional References
The following sections provide references related to the Selective Enabling of Applications Using an HTTP or HTTPS Server feature.
Related Documents
Additional HTTP configuration information
Using the Cisco Web Browser User Interface feature module
Additional HTTPS configuration information
HTTPS - HTTP Server and Client with SSL 3.0 feature module
Additional HTTP and HTTPS commands
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
None
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Feature Information for Selective Enabling of Applications Using an HTTP or HTTPS Server
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2009 Cisco Systems, Inc. All rights reserved.
