The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The HTTP 1.1 Web Server and Client feature provides a consistent interface for users and applications by implementing support for HTTP 1.1 in Cisco IOS software-based devices. When combined with the HTTPS feature, the HTTP 1.1 Web Server and Client feature provides a complete, secure solution for HTTP services between Cisco devices.
This module describes the concepts and the tasks related to configuring the HTTP 1.1 Web Server and Client feature.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for the HTTP 1.1 Web Server and Client" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
•Information About the HTTP 1.1 Web Server and Client
•How to Configure HTTP 1.1 Web Server and Client
•Configuration Examples for HTTP 1.1 Web Server
•Feature Information for the HTTP 1.1 Web Server and Client
This feature updates the Cisco implementation of the Hypertext Transfer Protocol (HTTP) from 1.0 to 1.1. The HTTP server allows features and applications, such as the Cisco web browser user interface, to be run on your routing device.
The Cisco implementation of HTTP 1.1 is backward-compatible with previous Cisco IOS releases. If you are currently using configurations that enable the HTTP server, no configuration changes are needed, as all defaults remain the same.
The process of enabling and configuring the HTTP server also remains the same as in previous releases. Support for Server Side Includes (SSIs) and HTML forms has not changed. Additional configuration options, in the form of the ip http timeout-policy command and the ip http max-connections command, have been added. These options allow configurable resource limits for the HTTP server. If you do not use these optional commands, the default policies are used.
Remote applications may require that you enable the HTTP server before using them. Applications that use the HTTP server include:
•Cisco web browser user interface, which uses the Cisco IOS Homepage Server, HTTP-based EXEC Server, and HTTP IOS File System (IFS) Server
•VPN Device Manager (VDM) application, which uses the VDM Server and the XML Session Manager (XSM)
•QoS Device Manager (QDM) application, which uses the QDM Server
•IP Phone and Cisco IOS Telephony Service applications, which use the ITS Local Directory Search and IOS Telephony Server (ITS)
No Cisco applications use the HTTP Client in Cisco IOS Release 12.2(15)T.
The ip http timeout-policy command allows you to specify general access characteristics for the server by configuring a value for idle time, connection life, and request maximum. By adjusting these values you can configure a general policy; for example, if you want to maximize throughput for HTTP connections, you should configure a policy that minimizes connection overhead. You can configure this type of policy by specifying large values for the life and request options so that each connection stays open longer and more requests are processed for each connection.
Another example would be to configure a policy that minimizes the response time for new connections. You can configure this type of policy by specifying small values for the life and request options so that the connections are quickly released to serve new clients.
A throughput policy would be better for HTTP sessions with dedicated management applications, as it would allow the application to send more requests before the connection is closed, while a response time policy would be better for interactive HTTP sessions, as it would allow more people to connect to the server at the same time without having to wait for connections to become available.
In general, you should configure these options as appropriate for your environment. The value for the idle option should be balanced so that it is large enough not to cause an unwanted request or response timeout on the connection, but small enough that it does not hold a connection open longer than necessary.
Access security policies for the HTTP server are configured using the ip http authentication command, which allows only selective users to access the server, the ip http access-class command, which allows only selective IP hosts to access the server, and the ip http accounting commands command, which specifies a particular command accounting method for HTTP server users.
This section contains the following tasks:
•Configuring the HTTP 1.1 Web Server
Perform this task to enable the HTTP server and configure optional server characteristics. The HTTP server is disabled by default.
Note If you want to configure authentication (step 4), you must configure the authentication type before you begin configuring the HTTP 1.1 web server.
1. enable
2. configure terminal
3. ip http server
4. ip http authentication {aaa | enable | local | tacacs} (optional)
5. ip http accounting commands level {default | named-accounting-method-list} (optional)
6. ip http port port-number (optional)
7. ip http path url (optional)
8. ip http access-class access-list-number (optional)
9. ip http max-connections value (optional)
10. ip http timeout-policy idle seconds life seconds requests value (optional)
Perform this task to enable the HTTP client and configure optional client characteristics.
The standard HTTP 1.1 client and the secure HTTP client are always enabled. No commands exist to disable the HTTP client. For information about configuring optional characteristics for the HTTPS client, see the HTTPS-HTTP Server and Client with SSL 3.0, Release 12.2(15)T, feature module.
1. enable
2. configure terminal
3. ip http client cache {ager interval minutes | memory {file file-size-limit | pool pool-size-limit}
4. ip http client connection {forceclose | idle timeout seconds | retry count | timeout seconds}
5. ip http client password password
6. ip http client proxy-server proxy-name proxy-port port-number
7. ip http client response timeout seconds
8. ip http client source-interface type number
9. ip http client username username
This section provides the following configuration examples:
•Configuring the HTTP 1.1 Web Server: Example
The following example shows a typical configuration that enables the server and sets some of the characteristics:
ip http server
ip http authentication aaa
ip http accounting commands 15 default
ip http path flash:
ip access-list standard 20
permit 209.165.202.130 0.0.0.255
permit 209.165.201.1 0.0.255.255
permit 209.165.200.225 0.255.255.255
! (Note: all other access implicitly denied)
end
ip http access-class 10
ip http max-connections 10
ip http accounting commands 1 oneacct
In the following example, a Throughput timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will remain open (be "alive") until either the HTTP server has been busy processing requests for approximately 2 minutes (120 seconds) or until approximately100 requests have been processed.
ip http timeout-policy idle 30 life 120 requests 100
In the following example, a Response Time timeout policy is applied. This configuration would allow each connection to be idle a maximum of 30 seconds (approximately). Each connection will be closed as soon as the first request has been processed.
ip http timeout-policy idle 30 life 30 requests 1
To verify remote connectivity to the HTTP server, enter the system IP address in a web browser, followed by a colon and the appropriate port number (80 is the default port number).
For example, if the system IP address is 209.165.202.129 and the port number is 8080, enter http://209.165.202.129:8080 as the URL in a web browser.
If HTTP authentication is configured, a login dialog box will appear. Enter the appropriate username and password. If the default login authentication method of "enable" is configured, you may leave the username field blank, and use the "enable" password to log in.
The system home page should appear in your browser.
For information about secure HTTP connections using Secure Sockets Layer (SSL) 3.0, refer to the HTTPS - HTTP with SSL 3.0, Release 12.2(15)T, feature module at: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsslsht.html
The following sections provide references related to the HTTP 1.1 Web Server and Client.
|
|
---|---|
HTTPS |
•HTTPS—HTTP with SSL 3.0 feature module •Firewall Support of HTTPS Authentication Proxy feature module |
HTTP commands |
|
|
---|---|
No specific standards are supported by this feature. Note that HTTP 1.1, as defined in RFC 2616, is currently classified as a "Standards Track" document by the IETF. |
— |
|
|
---|---|
RFC 2616 |
Hypertext Transfer Protocol -- HTTP/1.1 |
1 Not all supported RFCs are listed. |
The Cisco implementation of the HTTP version 1.1 supports a subset of elements defined in RFC 2616. Following is a list of supported RFC 2616 headers:
•Allow (Only GET, HEAD, and POST methods are supported)
•Authorization, WWW-Authenticate - Basic authentication only
•Cache-control
•Chunked Transfer Encoding
•Connection close
•Content-Encoding
•Content-Language
•Content-Length
•Content-Type
•Date, Expires
•Location
Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.4T or Cisco IOS Release 12.2SR or a later release appear in the table.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
|
|
|
---|---|---|
HTTP 1.1 Web Server and Client |
12.2(15)T |
The HTTP 1.1 Web Server and Client feature provides a consistent interface for users and applications by implementing support for HTTP 1.1 in Cisco IOS software-based devices. When combined with the HTTPS feature, the HTTP 1.1 Web Server and Client feature provides a complete, secure solution for HTTP services between Cisco devices. This entire module provides information about this feature. The following commands were introduced or modified by this feature: debug ip http all, debug ip http client, ip http access-class, ip http authentication, ip http client cache, ip http client connection, ip http client password, ip http client proxy-server, ip http client response timeout, ip http client source-interface, ip http client username, ip http max-connections, ip http path, ip http port, ip http server, ip http timeout-policy, show ip http client, show ip http client connection, show ip http client history, show ip http client session-module, show ip http server, show ip http server secure status. |
HTTP TACAC+ Accounting Support |
12.4(15)T |
The HTTP TACAC+ Accounting Support feature introduces the ip http accounting commands command. This command is used to specify a particular command accounting method for HTTP server users. Command accounting provides information about the commands for a specified privilege level that are being executed on a device. Each command accounting record corresponds to one IOS command executed at its respective privilege level, as well as the date and time the command was executed, and the user who executed it. The following sections provide information about this feature: •Configuring the HTTP 1.1 Web Server The following commands were introduced or modified by this feature: ip http accounting commands. |