Downloads |
Table Of Contents
HTTP 1.1 Web Server and Client
Information About the HTTP 1.1 Web Server and Client
About HTTP Server General Access Policies
How to Configure the HTTP 1.1 Web Server
How to Configure the HTTP Client
Configuration Examples for the HTTP 1.1 Web Server
HTTP 1.1 Web Server and Client
The HTTP 1.1 Web Server and Client feature provides a consistent interface for users and applications by implementing support for HTTP 1.1 in Cisco IOS software-based devices. Prior to this release, Cisco software supported an implementation of HTTP 1.0. The integrated HTTP server API supports server application interfaces. When combined with the HTTPS feature, the HTTP 1.1 Web Server and Client provides a complete, secure solution for HTTP services to and from Cisco devices.
Feature Specifications for the HTTP 1.1 Web Server and Client
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Information About the HTTP 1.1 Web Server and Client
•
•
•
Information About the HTTP 1.1 Web Server and Client
This feature updates the Cisco implementation of the Hypertext Transfer Protocol (HTTP) from 1.0 to 1.1. The HTTP server allows features and applications, such as the Cisco Web browser user interface, to be run on your routing device.
The Cisco implementation of HTTP 1.1 is backward-compatible with previous Cisco IOS releases. If you are currently using configurations that enable the HTTP server, no configuration changes are needed, as all defaults remain the same.
The process of enabling and configuring the HTTP server also remains the same as in previous releases. Support for Server Side Includes (SSI) and HTML forms has not changed. Additional configuration options, in the form of the ip http timeout-policy command and the ip http max-connections command have been added. These options allow configurable resource limits for the HTTP server. If you do not use these optional commands, the default policies are used.
Remote applications may require that you enable the HTTP server before using them. Applications that use the HTTP server include:
•
•
•
•
No Cisco applications make use of the HTTP Client in Cisco IOS Release 12.2(15)T.
About HTTP Server General Access Policies
The new ip http timeout-policy command allows you to specify general access characteristics for the server by configuring a value for idle time, connection life, and request maximum. By adjusting these values you can configure a general policy; for example, if you want to maximize throughput for HTTP connections, you should configure a policy that minimizes connection overhead. You can do this by specifying large values for the life and request options so that each connection stays open longer and more requests are processed for each connection.
Another example would be to configure a policy that minimizes the response time for new connections. You can do this by specifying small values for the life and request options so that the connections are quickly released to serve new clients.
A throughput policy would be better for HTTP sessions with dedicated management applications, as it would allow the application to send more requests before the connection is closed, while a response time policy would be better for interactive HTTP sessions, as it would allow more people to connect to the server at the same time without having to wait for connections to become available.
In general, you should configure these options as appropriate for your environment. The value for the idle option should be balanced so that it is large enough not to cause an unwanted request or response timeout on the connection, but small enough that it does not hold a connection open longer than necessary.
Access security policies for the HTTP server are configured using the ip http authentication command, which allows only selective users to access the server, and the ip http access-class command, which allows only selective IP hosts to access the server.
How to Configure the HTTP 1.1 Web Server
To enable the HTTP server and configure optional server characteristics, perform the following steps. The HTTP server is disabled by default.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
How to Configure the HTTP Client
The standard HTTP 1.1 client and the secure HTTP client are always enabled. No commands exist to disable the HTTP client. For information about configuring optional characteristics for the secure HTTP (HTTPS) client, see the "HTTPS - HTTP Server and Client with SSL 3.0" 12.2(15)T feature guide document.
To configure optional characteristics of the HTTP client, use any of the following optional commands.
1.
2.
3.
4.
5.
6.
7.
Router(config)#ip http client ?cache HTTP client cacheconnection Configure HTTP Client connectionpassword Specify password for HTTP(S) file system client connectionsproxy-server Specify proxy server name for HTTP file system clientconnectionsresponse How long HTTP Client waits for a response from the serverfor a request message before giving upsource-interface Specify interface for source address in all HTTP(S) clientconnectionsusername Specify username for HTTP(S) file system client connectionsDETAILED STEPS
Configuration Examples for the HTTP 1.1 Web Server
The following example shows a typical configuration that enables the server and sets some of the characteristics:
Router(config)# ip http serverRouter(config)# ip http authentication aaa exec-authorization LOCALDBRouter(config)# ip http path flash:Router(config)# ip http access-class 10Router(config)# ip http max-connections 10In the following example, a Throughput timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will remain open (be "alive") until either the HTTP server has been busy processing requests for approximately 2 minutes (120 seconds) or until approximately100 requests have been processed.
Router(config)# ip http timeout-policy idle 30 life 120 requests 100In the following example, a Response Time timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will be closed as soon as the first request has been processed.
Router(config)# ip http timeout-policy idle 30 life 30 requests 1Verifying HTTP Connectivity
To verify remote connectivity to the HTTP server, enter the system IP address in a Web browser, followed by a colon and the appropriate port number (80 is the default port number).
For example, if the system IP address is 209.165.202.128 and the port number is 8080, enter http://209.165.202.128:8080 as the URL in a Web browser.
If HTTP authentication is configured, a login dialog box will appear. Enter the appropriate user name and password. If the default login authentication method of "enable" is configured, you may leave the username field blank, and use the "enable" password to log in.
The system home page should appear in your browser.
Where to Go Next
For information about secure HTTP connections using Secure Socket Layer (SSL) 3.0, refer to the "HTTPS - HTTP with SSL 3.0" 12.2(15)T feature document listed below.
Additional References
For additional information related to the HTTP 1.1 Web Server and Client, refer to the following references:
Related Documents
Standards
No specific standards are supported by this feature. Note that HTTP 1.1, as defined in RFC 2616, is currently classified as a "Standards Track" document by the IETF.
MIBs
•
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
The Cisco implementation of the HTTP version 1.1 supports a subset of elements defined in RFC 2616. The following is a list of supported RFC 2616 headers:
•
•
•
•
•
•
•
•
•
•
•
Technical Assistance
Command Reference
This section documents the commands used to configure the HTTP 1.1 Web Server and HTTP 1.1 Web Client. All other commands used with this feature are documented in the Cisco IOS Release 12.2 T command reference publications.
debug ip http all
To enable debugging output for all HTTP processes on the system, use the debug ip http all command in privileged EXEC mode. To disable HTTP debugging output, use the no form of this command.
debug ip http all
no debug ip http all
Command History
Usage Guidelines
This command enables debugging messages for all HTTP processes and activity. Issuing this command is equivalent to issuing the following commands:
•
•
•
•
•
•
Examples
For sample output and field descriptions of this command, see the documentation of the commands listed in the "Usage Guidelines" section.
Related Commands
ip http access-class
To specify the access list that should be used to restrict access to the HTTP server, use the ip http access-class command in global configuration mode. To remove a previously configured access list association, use the no form of this command.
ip http access-class access-list-number
no ip http access-class access-list-number
Syntax Description
access-list-number
Standard IP access list number in the range 0 to 99, as configured by the access-list global configuration command.
Defaults
No access list is applied to the HTTP server.
Command Modes
Global configuration
Command History
Usage Guidelines
If this command is configured, the specified access list is assigned to the HTTP server. Before the HTTP server accepts a connection, it checks the access list. If the check fails, the HTTP server does not accept the request for a connection.
Examples
In the following example the access list identified as "20" is defined and assigned to the HTTP server:
Router(config)# ip access-list standard 20Router(config-std-nacl)# permit 209.165.202.0 0.0.0.255Router(config-std-nacl)# permit 209.165.0.0 0.0.255.255Router(config-std-nacl)# permit 209.0.0.0 0.255.255.255! (Note: all other access implicitly denied)Router(config-std-nacl)# exitRouter(config)# ip http access-class 20Related Commands
ip http max-connections
To configure the maximum number of concurrent connections allowed for the HTTP server, use the ip http max-connections command in global configuration mode. To return the maximum connection value to the default, use the no form of this command.
ip http max-connections value
no ip http max-connections value
Syntax Description
Defaults
5 concurrent HTTP connections.
Command Modes
Global configuration
Command History
Usage Guidelines
Platform-specific implementations can supercede the upper range limit of 16.
If a new value is configured that is less than the previously configured value while the current number of connections exceeds the new maximum value, the HTTP server will not abort any of the current connections. However, the server will not accept any new connections until the current number of connections falls below the new configured value.
Examples
In the following example the HTTP server is configured to allow up to 10 simultaneous connections:
Router(config)# ip http serverRouter(config)# ip http max-connections 10Related Commands
ip http server
Enables the HTTP 1.1 server, including the Cisco web browser user interface.
ip http path
To specify the base path used to locate files for use by the HTTP server, use the ip http path command in global configuration mode. To disable the HTTP server, use the no form of this command.
ip http path URL
no ip http path URL
Syntax Description
URL
Cisco IOS File System (IFS) Uniform Resource Locator (URL) specifying the location of the HTML files used by the HTTP server.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
After enabling the HTTP server, you should set the base path by specifying the location of the HTML files to be served. HTML files used by the HTTP Web Server typically reside in system Flash memory.
Remote URLs can be specified using this command, but use of remote pathnames (for example, where HTML files are located on a remote TFTP server) is not recommended.
Examples
In the following example, the HTML files are located in the default Flash location on the system:
Router(config)# ip http path flash:In the following example, the HTML files are located in the directory named "web" on the Flash memory card inserted in slot 0:
Router(config)# ip http path slot0:webRelated Commands
ip http server
Enables the HTTP 1.1 server, including the Cisco web browser user interface.
ip http port
To specify the port number to be used by the HTTP server, use the ip http port command in global configuration mode. To return the port number to the default, use the no form of this command.
ip http port port-number
no ip http port port-number
Syntax Description
port-number
The port number to be used for the HTTP server. Valid values are 80 or any value from 1024 to 65535. The default is 80.
Defaults
The HTTP server uses port 80.
Command Modes
Global configuration
Command History
11.2
This command was introduced.
12.2(15)T
This command was modified to restrict port numbers. The port number 443 is now reserved for HTTPS (HTTP over SSL) connections.
Usage Guidelines
HTTP port 80 is the standard port used by web servers.
Examples
In the following example the HTTP server port is changed to port 8080.
Router(config)# ip http serverRouter(config)# ip http port 8080Related Commands
ip http server
Enables the HTTP 1.1 server, including the Cisco web browser user interface.
ip http server
To enable the HTTP server on your system, including the Cisco web browser user interface, use the ip http server command in global configuration mode. To disable the HTTP server, use the no form of this command.
ip http server
no ip http server
Syntax Description
This command has no arguments or keywords.
Defaults
The HTTP server is disabled.
Command Modes
Global configuration
Command History
11.2
This command was introduced.
12.2(15)T
The HTTP 1.0 implementation was replaced by the HTTP 1.1 implementation.
Usage Guidelines
The HTTP server uses the standard port 80 by default.
Caution
Examples
In the following example the HTTP server is enabled:
Router(config)# ip http serverRouter(config)# ip http path flash:Related Commands
ip http path
Enables the HTTP 1.1 server, including the Cisco web browser user interface.
ip http timeout-policy
To configure the parameters for closing connections to the local HTTP server, use the ip http timeout-policy command in global configuration mode. To return the parameters to their defaults, use the no form of this command.
ip http timeout-policy idle seconds life seconds requests value
no ip http timeout-policy
Syntax Description
Defaults
HTTP server connection idle time: 180 seconds (3 minutes)
HTTP server connection life time: 180 seconds (3 minutes)
HTTP server connection maximum requests: 1
Command Modes
Global configuration
Command History
Usage Guidelines
This command sets the characteristics that determine how long a connection to the HTTP server should remain open.
This command may not take effect immediately on any HTTP connections that are open at the time you use this command. In other words, new values for idle time, life time, and maximum requests will apply only to connections made to the HTTP server after this command is issued.
A connection may be closed sooner than the configured idle time if the server is too busy or the limit on the life time or the number of requests is reached.
A connection may be closed sooner than the configured life time if the server is too busy or the limit on the idle time or the number of requests is reached. Also, since the server will not close a connection while actively processing a request, the connection may remain open longer than the specified life time if processing is occurring when the life maximum is reached. In this case, the connection will be closed when processing finishes.
A connection may be closed before the maximum number of requests are processed if the server is too busy or the limit on the idle time or life time is reached.
The ip http timeout-policy command allows you to specify a general access policy to the HTTP server by adjusting the connection timeout values. For example, if you want to maximize throughput for HTTP connections, you should configure a policy that minimizes connection overhead. You can do this by specifying large values for the life and request options so that each connection stays open longer and more requests are processed for each connection.
Another example would be to configure a policy that minimizes the response time for new connections. You can do this by specifying small values for the life and request options so that the connections are quickly released to serve new clients.
A throughput policy would be better for HTTP sessions with dedicated management applications, as it would allow the application to send more requests before the connection is closed, while a response time policy would be better for interactive HTTP sessions, as it would allow more people to connect to the server at the same time without having to wait for connections to become available.
In general, you should configure these options as appropriate for your environment. The value for the idle option should be balanced so that it is large enough not to cause an unwanted request or response timeout on the connection, but small enough that it does not hold a connection open longer than necessary.
Examples
In the following example, a Throughput timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will remain open (be "alive") until either the HTTP server has been busy processing requests for approximately 2 minutes (120 seconds) or until approximately 100 requests have been processed.
Router(config)# ip http timeout-policy idle 30 life 120 requests 100In the following example, a Response Time timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will be closed as soon as the first request has been processed.
Router(config)# ip http timeout-policy idle 30 life 30 requests 1Related Commands
ip http server
Enables the HTTP 1.1 server, including the Cisco web browser user interface.
show ip http server
To display details about the current configuration of the HTTP server, use the show ip http server command in privileged EXEC mode.
show ip http server {all | status | session-module | connection | statistics | history}
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to show detailed status information about the HTTP server.
Examples
The following is sample output from the show ip http server all command:
Router# show ip http server allHTTP server status: EnabledHTTP server port: 80HTTP server authentication method: enableHTTP server access class: 0HTTP server base path:Maximum number of concurrent server connections allowed: 5Server idle time-out: 30 secondsServer life time-out: 120 secondsMaximum number of requests allowed on a connection: 2HTTP Secure Server Capability: Not PresentHTTP server application session modules:Session module Name Handle DescriptionHomepage_Server 5 IOS Homepage ServerQDM 2 QOS Device Manager ServerHTTP IFS Server 1 HTTP based IOS File ServerQDM SA 3 QOS Device Manager Signed Applet ServerWEB_EXEC 4 HTTP based IOS EXEC ServerXSM 6 XML Session ManagerVDM 7 VPN Device Manager ServerITS 8 IOS Telephony ServiceITS_LOCDIR 9 ITS Local Directory SearchHTTP server current connections:local-ipaddress:port remote-ipaddress:port in-bytes out-bytes172.19.254.37:80 128.190.254.45:33737 70 2294HTTP server statistics:Accepted connections total: 1360HTTP server history:local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time172.91.254.37:80 128.190.254.45:63530 60 1596 10:50:00 12/19Table 1 describes the significant fields shown in the display.
The following example shows sample output for the show ip http server status command:
Router# show ip http server statusHTTP server status: DisabledHTTP server port: 80HTTP server authentication method: enableHTTP server access class: 0HTTP server base path:Maximum number of concurrent server connections allowed: 5Server idle time-out: 600 secondsServer life time-out: 600 secondsMaximum number of requests allowed on a connection: 1HTTP secure server capability: PresentHTTP secure server status: DisabledHTTP secure server port: 443HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-12aHTTP secure server client authentication: DisabledHTTP secure server trustpoint:The lines indicating the status of the HTTP secure (HTTPS) server will only be visible if your software image supports the HTTPS server. If your software image does not support SSL, the output will end with the following line:
HTTP secure server capability: Not presentThe following example shows sample output for the show ip http server status command when the software image does not support SSL (and, by extenstion, does not support the secure HTTP server):
Router> show ip http server statusHTTP server status: EnabledHTTP server port: 80HTTP server authentication method: enableHTTP server access class: 0HTTP server base path:Maximum number of concurrent server connections allowed: 5Server idle time-out: 180 secondsServer life time-out: 180 secondsMaximum number of requests allowed on a connection: 1HTTP secure server capability: Not presentRelated Commands
Copyright © 2003 Cisco Systems, Inc. All rights reserved.
This document applies to Cisco IOS Release 12.2(15)T and derivative releases.
This document first published March 13th, 2003. Last updated June 16, 2003.
