If you give your users guest access to a router, you might want to disable some web-based applications the router usually offers (for example, command execution). To do this, use the following steps (first supported in IOS release 12.3(14)T, integrated in 12.4):
- List all the web applications your Cisco IOS supports with the show ip http server session-module command. By default, all web applications should be active.
- Create a subset of applications you want to activate with the ip http session-module-list list-name module-list. global configuration command, for example.
- Activate the desired applications with the ip http active-session-modules list-name configuration command (you should also use the ip http secure-active-session-modules command if you've enabled HTTPS server).
- Verify the results with the show ip http server session-module command. Only the applications listed in your module list should be active, all others should be inactive.
ip http session-module-list NoExec HTTP_IFS,HOME_PAGE,QDM,QDM_SA,XML_Api,EzVPN-Web-Intercept