Table of Contents

1 HTTP Configuration Commands· 1-1

HTTP Configuration Commands· 1-1

display ip http· 1-1

ip http acl 1-2

ip http enable· 1-2

ip http port 1-3

2 HTTPS Configuration Commands· 2-1

HTTPS Configuration Commands· 2-1

display ip https· 2-1

ip https acl 2-2

ip https certificate access-control-policy· 2-2

ip https enable· 2-3

ip https port 2-4

ip https ssl-server-policy· 2-5

 

HTTP Configuration Commands

display ip http

Syntax

display ip http

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display ip http command to display information about HTTP.

Examples

# Display information about HTTP..

<Sysname> display ip http

HTTP port: 80

Basic ACL: 2222

Current connection: 0

Operation status: Running

Table 1-1 display ip http command output description

Field	Description
HTTP port	Port number used by the HTTP service
Basic ACL	A basic ACL number associated with the HTTP service
Current connection	The number of current connections
Operation status	Operation status, which takes the following values: l      Running: The HTTP service is enabled. l      Stopped: The HTTP service is disabled.

 

ip http acl

Syntax

ip http acl acl-number

undo ip http acl

View

System view

Default Level

2: System level

Parameters

acl-number: ACL number, in the range 2000 to 2999 ( basic IPv4 ACL).

Description

Use the ip http acl command to associate the HTTP service with an ACL.

Use the undo ip http acl command to remove the association.

By default, the HTTP service is not associated with any ACL.

After the HTTP service is associated with an ACL, only the clients permitted by the ACL can access the device.

Note that: If you execute the ip http acl command for multiple times to associate the HTTP service with ACLs, the HTTP service is only associated with the last specified ACL.

Related commands: display ip http and acl number in ACL Commands in the Security Volume.

Examples

# Configure to associate the HTTP service with ACL 2001 and only allow the clients within the 10.10.0.0/16 network segment to access the device through the Web function.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-basic-2001] quit

[Sysname] ip http acl 2001

ip http enable

Syntax

ip http enable

undo ip http enable

View

System view

Default Level

2: System level

Parameters

None

Description

Use the ip http enable command to enable the HTTP service.

Use the undo ip http enable command to disable the HTTP service.

By default, the HTTP service is enabled.

The device can act as the HTTP server and the users can access and control the device through the Web function only after the HTTP service is enabled.

Related commands: display ip http.

Examples

# Disable the HTTP service.

<Sysname> system-view

[Sysname] undo ip http enable

ip http port

Syntax

ip http port port-number

undo ip http port

View

System view

Default Level

3: Manage level

Parameters

port-number: Port number of the HTTP service, in the range 1 to 65535.

Description

Use the ip http port command to configure the port number of the HTTP service.

Use the undo ip http port command to restore the default.

By default, the port number of the HTTP service is 80.

Note that this command does not check whether the configured port number conflicts with that of an existing service. Therefore, you must ensure that the port number is not used by another service before the configuration.

Related commands: display ip http.

Examples

# Configure the port number of the HTTP service as 8080.

<Sysname> system-view

[Sysname] ip http port 8080

HTTPS Configuration Commands

display ip https

Syntax

display ip https

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display ip https command to display information about HTTPS.

Examples

# Display information about HTTPS.

<Sysname> display ip https

HTTPS port: 443

SSL server policy: test

Certificate access-control-policy:

Basic ACL: 2222

Current connection: 0

Operation status: Running

Table 2-1 display ip https command output description

Field	Description
HTTPS port	Port number used by the HTTPS service
SSL server policy	The SSL server policy associated with the HTTPS service
Certificate access-control-policy	The certificate attribute access control policy associated with the HTTPS service
Basic ACL	The basic ACL number associated with the HTTPS service
Current connection	The number of current connections
Operation status	Operation status, which takes the following values: l      Running: The HTTPS service is enabled. l      Stopped: The HTTPS service is disabled.

 

ip https acl

Syntax

ip https acl acl-number

undo ip https acl

View

System view

Default Level

3: Manage level

Parameters

acl-number: ACL number, in the range 2000 to 2999 ( basic IPv4 ACL).

Description

Use the ip https acl command to associate the HTTPS service with an ACL.

Use the undo ip https acl command to remove the association.

By default, the HTTPS service is not associated with any ACL.

After the HTTPS service is associated with an ACL, only the clients permitted by the ACL can access the device.

Note that: If you execute the ip https acl command for multiple times to associate the HTTPS service with ACLs, the HTTPS service is only associated with the last specified ACL.

Related commands: display ip https and acl number in ACL Commands in the Security Volume

Examples

# Associate the HTTPS service with ACL 2001 and only allow the clients within the 10.10.0.0/16 network segment to access the HTTPS server through the Web function.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-basic-2001] quit

[Sysname] ip https acl 2001

ip https certificate access-control-policy

Syntax

ip https certificate access-control-policy policy-name

undo ip https certificate access-control-policy

View

System view

Default Level

3: Manage level

Parameters

policy-name: Name of the certificate attribute access control policy, a string of 1 to 16 characters.

Description

Use the ip https certificate access-control-policy command to associate the HTTPS service with a certificate attribute access control policy.

Use the undo ip https certificate access-control-policy command to remove the association.

By default, the HTTPS service is not associated with any certificate attribute access control policy.

Association of the HTTPS service with a certificate attribute access control policy can control the access rights of clients.

Related commands: display ip https and pki certificate access-control-policy. (In PKI Commands in the Security Volume)

Examples

# Associate the HTTPS server to certificate attribute access control policy myacl.

<Sysname> system-view

[Sysname] ip https certificate access-control-policy myacl

ip https enable

Syntax

ip https enable

undo ip https enable

View

System view

Default Level

3: Manage level

Parameters

None

Description

Use the ip https enable command to enable the HTTPS service.

Use the undo ip https enable command to disable the HTTPS service.

By default, the HTTPS service is disabled.

The device can act as the HTTP server and the users can access and control the device through the Web function only after the HTTP service is enabled.

Note that enabling of the HTTPS service triggers an SSL handshake negotiation process. During the process, if a local certificate of the device already exists, the SSL negotiation is successfully performed, and the HTTPS service can be started normally. If no local certificate exists, a certificate application process will be triggered by the SSL negotiation. Since the application process takes much time, the SSL negotiation often fails and the HTTPS service cannot be started normally. Therefore, the ip https enable command must be executed for multiple times to ensure normal startup of the HTTPS service.

Related commands: display ip https.

Examples

# Enable the HTTPS service.

<Sysname> system-view

[Sysname] ip https enable

ip https port

Syntax

ip https port port-number

undo ip https port

View

System view

Default Level

3: Manage level

Parameters

port-number: Port number of the HTTPS service, in the range 1 to 65535.

Description

Use the ip https port command to configure the port number of the HTTPS service.

Use the undo ip https port command to restore the default.

By default, the port number of the HTTPS service is 443.

Note that this command does not check whether the configured port number conflicts with that of an existing service. Therefore, you must ensure that the port number is not used by another service before the configuration.

Related commands: display ip https.

Examples

# Configure the port number of the HTTPS service as 6000.

<Sysname> system-view

[Sysname] ip https port 6000

ip https ssl-server-policy

Syntax

ip https ssl-server-policy policy-name

undo ip https ssl-server-policy

View

System view

Default Level

3: Manage level

Parameters

policy-name: Name of an SSL server policy, a string of 1 to 16 characters.

Description

Use the ip https ssl-server-policy command to associate the HTTPS service with an SSL server-end policy.

Use the undo ip https ssl-server-policy to remove the association between the HTTPS service and an SSL server-end policy.

By default, the HTTPS service is not associated with any SSL server-end policy.

Note that:

l          The HTTPS service can be enabled only after this command is configured successfully.

l          You cannot modify an SSL server-end policy or remove the association between the HTTPS service and an SSL server-end policy after the HTTS service is enabled.

Related commands: display ip https and ssl server-policy in SSL Commands in the Security Volume

Examples

# Configure the HTTPS service to use SSL server-end policy myssl.

<Sysname> system-view

[Sysname] ip https ssl-server-policy myssl