<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 10pt; color: #000000'>Personally speaking, I would investigate using ACLs to limit access to the phones web browser/server. There are many services (some Cisco, some third party) that use the web server to do stuff, like post messages, etc. <br><br>Granted, it's a little more involved, and you need to have separate voice and data VLANs, but it's a better long term approach. IMHO.<br><br>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>"Bad grammar makes me [sic]" - Tshirt<br><br><br>----- Original Message -----<br>From: "Wes Sisk" <wsisk@cisco.com><br>To: "mark baker" <mb@c2ukltd.com><br>Cc: cisco-voip@puck.nether.net<br>Sent: Tuesday, November 3, 2009 9:32:09 AM GMT -05:00 US/Canada Eastern<br>Subject: Re: [cisco-voip] Preventing Web Access to 79xx<br><br>
What Philip indicated is correct. Change that setting, reset the
phone. phone should download new config file. Then phone should
disable http interface. ACL should not be necessary. If you made the
change on the phone and it's not taking effect then I strongly
recommend investigating that more closely. This can be a symptom of
more significant issues on your CM.<br>
<br>
/Wes<br>
<br>
On Tuesday, November 03, 2009 7:07:46 AM, mark baker
<a class="moz-txt-link-rfc2396E" href="mailto:mb@c2ukltd.com" target="_blank"><mb@c2ukltd.com></a> wrote:<br>
<blockquote cite="mid:D1A103FC66548F48A31C18643B979EB0CE92F7BC56@WOLVERINE.c2ukltd.local">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">We have
tried preventing Web
Access here however we are still able to get in some how. Now in the
process
of putting ACL although you would have thought there was a smarter way
of achieving
this?? Many thanks for all of the replies so far folks.</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"> </span></p>
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";" lang="EN-US">From:</span></b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";" lang="EN-US"> Philip Walenta [<a class="moz-txt-link-freetext" href="mailto:pwalenta@wi.rr.com" target="_blank">mailto:pwalenta@wi.rr.com</a>] <br>
<b>Sent:</b> 03 November 2009 12:00<br>
<b>To:</b> mark baker; <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Preventing Web Access to 79xx</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);" lang="EN-US">On my CUCM 7.0.2
system I see an option under “Product Specific Configuration Layout” on
my
7970’s. It’s called “Web Access”…have you tried this?</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";" lang="EN-US">From:</span></b><span style="font-size: 10pt; font-family: "Tahoma","sans-serif";" lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>
[<a class="moz-txt-link-freetext" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>mark
baker<br>
<b>Sent:</b> Tuesday, November 03, 2009 3:53 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> [cisco-voip] Preventing Web Access to 79xx</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal">Hi Folks,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">We are currently deploying a CCM system and have
a security
remit of locking all Web Access to our 79xx phones. Can anyone advise
on this
no matter what we try we can still access. All help much appreciated.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Regards,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Mark</p>
</div>
<pre><hr size="4" width="90%">
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<br>
<br>_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
</div></body></html>