HTTP(S) Server¶
The HTTP server is used to store, process, and deliver web pages to the Web UI client using HTTP. It also serves resources such as HTML pages, Javascript files, images, etc. to web browser based applications or network applications that utilize the HTTP protocol for communication.
The HTTP server can be configured with TLS to provide secure HTTP communication.
HTTP Server Configuration¶
You can configure the following HTTP Server settings:
- Set the operation mode. The HTTP server can be enabled, disabled, or triggered by the CPM role. For details on configurable pins, see CPM.
- Specify the TLS credential to be used. For details on TLS credentials, see Data Communication Security (TLS).
- Set the authentication timeout value if Digest Authentication is in use.
- Specify the Inactivity Timeout for Standby Power mode.
To configure the HTTP server:
In Web Manager, go to HTTP Server > Configuration.
In CLI, see Config HTTP Server Level.
In XML, see configgroup HTTP server.
HTTP Server Configuration Settings¶
The following table describes the Web Manager HTTP Server configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
In CLI, see Config HTTP Server Level.
In XML, see configgroup HTTP server.
Note
Changes to HTTP Server take effect after reboot.
| HTTP Settings | Description |
|---|---|
| Mode | Enables or disables the HTTP server. Choices are: Enabled Disabled Triggered - HTTP Server will wait for the CPM Role to become active. Then the HTTP server stays up indefinitely. |
| Port | HTTP server port number. Default is 80. Clearing the field will restore the default. Enter 0 for none. |
| Secure Port | Secure port number. Enter 0 for none. The default Secure Port (TLS) can be overridden. |
| Secure Credential | TLS server credential. It may contain up to 30 characters. The secure credential specifies the name of the TLS Server Credential to be used for the secure connection. |
| Authentication Timeout | The Authentication Timeout value is applied only if Digest authentication is being used. |
HTTP Server Security¶
HTTP Server security provides role-based access control enabling you to assign authentication directives to specific URIs, config groups (for setting configuration), and status groups (for performing actions that appear in the status menu). In addition to controlling access to config groups, status groups, and built-in URIs (such as "/tlog" or "/upgrade"), you can also control access to URIs that you create, such as a "/welcome" URI.
To assign access control to specific URIs, config groups, and status groups, you specify the authentication type (what type of passphrase is required) and the user level (Admin, Tech, User, or None). The access control is hierarchical; Admin can access URIs, config groups, and status groups assigned to Admin or below, while Tech can access URIs, config groups, and status groups assigned to Tech or User level, and User can only access URIs, config groups, and status groups granted to User level. Additionally, the Tech user level can only see URIs, config groups, and status groups associated with their assigned Zone(s). See User Management for more details on zones.
The permission settings of a URI are passed on to the child folders of that URI, unless you set a different permission directive for a child folder. The directive will override the parent folder's access control setting.
When setting permissions for config groups and status groups, a partial group name can be used to apply that permission to all groups that match that partial name. For example, a permission for "Tunnel" would apply to "Tunnel Accept," "Tunnel Line," "Tunnel Connect," "Tunnel Disconnect," and "Tunnel Packing."
Built-in URIs
The following URIs are built in to the server:
| URI | Description |
|---|---|
| /action/status | Action Web API |
| /ajax | Web Manager helper |
| /export/config | Config export Web API |
| /export/status | Status export Web API |
| /import/config | Config import Web API |
| /wm/firmware_upgrade | Web Manager upgrade firmware |
| /wm/fs/copy | Web Manager copy file |
| /wm/fs/mkdir | Web Manager make directory |
| /wm/fs/rename | Web Manager rename file |
| /wm/fs/rm | Web Manager remove file |
| /wm/fs/rmdir | Web Manager remove directory |
| /wm/fs/upload | Web Manager upload file |
| /fs | File System Web API |
| /logout | Digest Authentication |
| /mux_http | Mux HTTP Listener |
| /tlog | Trouble Log |
| /upgrade | Firmware Upgrade Web API |
Example configuration:
To allow administrators full access and restrict users to only being able to configure line settings, set the configuration as follows:
- Config 1 Group: Line
- Config 1 User: User
Default permissions:
By default, only Admin level has permission. Permission needs to be given to users in the Tech or User levels.
Important
Permissions set here apply to the HTTP Server, including Web API and Web Manager. Permissions do not apply to CLI or CLI Server (Telnet CLI). Full access to CLI (and CLI Server if it's enabled) is given to all users.
HTTP Server Security Configuration¶
To configure HTTP server security from Web Manager:
- Go to HTTP Server > Security.
- Click Edit next to Access Control, Config, or Status.
- Enter a URI (starting with /), a config group, or a status group.
- Configure the authentication type and user level.
- If you have not created a Tech level user or User level user, do so now. See User Management for details.
- If necessary, create the URI and add an html file to the file system. See File System. If you configured access control on a built-in URI, you can skip this step.
- Test the authorization level.
For CLI, see Config HTTP Server Security Level.
For XML, see configgroup HTTP Server Security.