IOS - ip http server

Most if not all Cisco IOS devices, both switches and routers, as well as ASA devices, have the capability to run a local web server. This web server is used for several purposes, primarily to obtain a web interface GUI for the router to configure it and/or to view statistical and monitoring information about the device.

Of course, the actual features that you are able to configure and see from that web interface depend upon the platform and the IOS version that you are using.

To enable the web server on a Cisco IOS router or switch, you use one of the following commands in global configuration mode:

ip http server ip http secure-server

The first command enables the web server using HTTP while the second enables it using HTTPS. Once this is done, you can then enter the IP address of the device (the address of any interface by default) and view the web page.

For Cisco ASA, use the http server enable command to start the built-in HTTP server. This server only only supports HTTPS.

In the ASA OS, you would also need to specify which hosts or networks are allowed to connect to the HTTP server using the http <network> <netmask> <interface> command. For example, to allow any host on the 192.168.1.0/24 network to connect to the HTTP server through the inside interface, you would use the command http 192.168.1.0 255.255.255.0 inside. Take a look at Cisco ASA HTTPS server for more info.

Best practice dictates that you should disable the web server due to the fact that it can be exploited for attacks. This can be done using the following commands on IOS devices:

no ip http server no ip http secure

https://forum.networklessons.com/t/cisco-ios-nat-port-forwarding/1229/37?u=lagapides

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/command/nm-https-cr-book/nm-https-cr-cl-sh.html#wp3775424912

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/command/nm-https-cr-book/nm-https-cr-cl-sh.html#wp3445024686