Did you know that your IOS-based router is capable as acting as a static webserver? Below you will find the steps necessary to turn a GNS/Dynamips box (or any ‘testlab’ machine) into something that can serve basic HTTP/HTTPS content. Due to the security implications of the steps below, it’s not recommended to do this on something that performs critical functions, or has access to any proprietary data. This document is the first in what I hope to be a series of ‘stupid router tricks’ – things that you can do on a stock Cisco router (but probably shouldn’t!).
In order to accomplish this, you need the following:
- IOS-based router (I used a virtual 7206 in GNS3/Dynamips)
- Enough free space on one of the filesystems to house your content
- FTP/TFTP server to transfer the content to the router
For the IOS router, I used a Dynamips-emulated 7206 running Advanced Enterprise software, code revision 12.4(24)T, but most ‘modern’ IOS versions should have the proper commands to accomplish this.
- Power on the router, and establish IP connectivity to your test machine. (I will leave this as an exercise to the reader. I assume by now you know how to accomplish this.)
- Enable the ‘http server’ process with the ‘ip http server‘ command.
- Direct the http process to use locally-defined usernames and passwords with the ‘ip http authentication local‘ command.
- Create a local username to access the web content. This user needs to have access to the view ‘view_access’ and privilege 15. It also *must* have a password (at least on 12.4(24)T code) with the ‘username webuser privilege 15 view view_access pass webuser‘ command. (Now you see why I stress to do this on a NON-PRODUCTION box! This username from my testing appears to need privilege 15 access!)
- Define the location where the content will reside on a local filesystem (in my case, disk0:) with the ‘ip http path disk0:‘ command.
- Copy (using TFTP/FTP/something else) the content to the filesystem.
- Now, this is the tricky part. If, for example, your router is at 192.168.117.2 and your main index is index.html, you need to go to the files directly. So in your browser, you go to: http://192.168.117.2/index.html (Failing to add the /index.html to the end will bring you to the router web configuration screen, not your content. (You didn’t expect a fully-featured HTTP server, did you?)
- Enjoy your ‘new’ (re-purposed) webserver!
Don’t expect a whole lot of performance out of said webserver, but I’m interested to see what other sort of tricks people might come up with related to this. Things I can think of off the top of my head include:
- Maybe some sort of automated web page to display statistics, perform configuration changes, etc?
The possibilities are endless, if you’re willing to think outside the box!
For reference, there are a lot more HTTP server configuration options (including HTTPS support) at the following URL: http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/12-4/nm-http-web.html