Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-HTTP Commands | 52.97 KB |
l The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
l Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
l The interface types and the number of interfaces vary by AP model.
HTTP Configuration Commands
display ip http
Syntax
display ip http
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ip http command to display information about HTTP.
Examples
# Display information about HTTP..
<Sysname> display ip http
HTTP port: 80
WLAN ACL: 100
Basic ACL: 2222
Current connection: 0
Operation status: Running
Table 1-1 display ip http command output description
|
Field |
Description |
|
HTTP port |
Port number used by the HTTP service |
|
WLAN ACL |
A WLAN ACL number associated with the HTTP service (whether this field is displayed depends on the device model) |
|
Basic ACL |
A basic ACL number associated with the HTTP service |
|
Current connection |
The number of current connections |
|
Operation status |
Operation status, which takes the following values: l Running: The HTTP service is enabled. l Stopped: The HTTP service is disabled. |
ip http acl
Syntax
ip http acl acl-number
undo ip http acl acl-number
View
System view
Default Level
2: System level
Parameters
acl-number: ACL number, in the range (The value range depends on the device model):
l 100 to 199: WLAN ACL
l 2000 to 2999: basic IPv4 ACL
Description
Use the ip http acl command to associate the HTTP service with an ACL.
Use the undo ip http acl command to remove the association.
By default, the HTTP service is not associated with any ACL.
After the HTTP service is associated with an ACL, only the clients permitted by the ACL can access the device.
The HTTP service can be associated with a WLAN ACL and a basic ACL, and the two types of ACLs will not overwrite each other. However, ACLs of the same type will overwrite each other. In other words, if you execute the ip http acl command for multiple times to associate the HTTP service with the same type of ACLs, the HTTP service is only associated with the last specified ACL.
When the HTTP service is associated with a WLAN ACL, the HTTP service uses this ACL to filter wireless clients only, and does not filter wire clients with this ACL.
Related commands: display ip http and acl number (in ACL in the ACL and QoS Command Reference).
Examples
# Associate the HTTP service with ACL 100 and only allow the wireless client with the SSID user-ssid-name to access the device through the Web function.
<Sysname> system-view
[Sysname] acl number 100
[Sysname-acl-wlan-100] rule permit ssid user-ssid-name
[Sysname-acl-wlan-100] quit
[Sysname] ip http acl 100
# Configure to associate the HTTP service with ACL 2001 and only allow the clients within the 10.10.0.0/16 network segment to access the device through the Web function.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip http acl 2001
ip http enable
Syntax
ip http enable
undo ip http enable
View
System view
Default Level
2: System level
Parameters
None
Description
Use the ip http enable command to enable the HTTP service.
Use the undo ip http enable command to disable the HTTP service.
The device can act as the HTTP server and the users can access and control the device through the Web function only after the HTTP service is enabled.
Related commands: display ip http.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
# Disable the HTTP service.
<Sysname> system-view
[Sysname] undo ip http enable
ip http port
Syntax
ip http port port-number
undo ip http port
View
System view
Default Level
3: Manage level
Parameters
port-number: Port number of the HTTP service, in the range 1 to 65535.
Description
Use the ip http port command to configure the port number of the HTTP service.
Use the undo ip http port command to restore the default.
By default, the port number of the HTTP service is 80.
This command does not check whether the configured port number conflicts with that of an existing service. Therefore, ensure that the port number is not used by another service before the configuration.
Related commands: display ip http.
Examples
# Configure the port number of the HTTP service as 8080.
<Sysname> system-view
[Sysname] ip http port 8080
HTTPS Configuration Commands
display ip https
Syntax
display ip https
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ip https command to display information about HTTPS.
Examples
# Display information about HTTPS.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access-control-policy:
WLAN ACL: 100
Basic ACL: 2222
Current connection: 0
Operation status: Running
Table 2-1 display ip https command output description
|
Field |
Description |
|
HTTPS port |
Port number used by the HTTPS service |
|
SSL server policy |
The SSL server policy associated with the HTTPS service |
|
Certificate access-control-policy |
The certificate attribute access control policy associated with the HTTPS service |
|
WLAN ACL |
A WLAN ACL number associated with the HTTPS service (whether this field is displayed depends on the device model) |
|
Basic ACL |
The basic ACL number associated with the HTTPS service |
|
Current connection |
The number of current connections |
|
Operation status |
Operation status, which takes the following values: l Running: The HTTPS service is enabled. l Stopped: The HTTPS service is disabled. |
ip https acl
Syntax
ip https acl acl-number
undo ip https acl acl-number
View
System view
Default Level
3: Manage level
Parameters
acl-number: ACL number, in the range (The value range depends on the device model):
l 100 to 199: WLAN ACL
l 2000 to 2999: basic IPv4 ACL
Description
Use the ip https acl command to associate the HTTPS service with an ACL.
Use the undo ip https acl command to remove the association.
By default, the HTTPS service is not associated with any ACL.
After the HTTPS service is associated with an ACL, only the clients permitted by the ACL can access the device.
The HTTPS service can be associated with a WLAN ACL and basic ACL, and the two types of ACLs will not overwrite each other. However, ACLs of the same type will overwrite each other, that is, if you execute the ip https acl command for multiple times to associate the HTTPS service with the same type of ACLs, the HTTPS service is only associated with the last specified ACL.
When the HTTPS service is associated with a WLAN ACL, the HTTPS service uses this ACL to filter wireless clients only, and does not filter wire clients with this ACL.
Related commands: display ip https and acl number (in ACL in the ACL and QoS Command Reference).
Examples
# Associate the HTTPS service with ACL 100 and only allow the wireless client with the SSID user-ssid-name to access the device through the Web function.
<Sysname> system-view
[Sysname] acl number 100
[Sysname-acl-wlan-100] rule permit ssid user-ssid-name
[Sysname-acl-wlan-100] quit
[Sysname] ip https acl 100
# Associate the HTTPS service with ACL 2001 and only allow the clients within the 10.10.0.0/16 network segment to access the HTTPS server through the Web function.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip https acl 2001
ip https certificate access-control-policy
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
View
System view
Default Level
3: Manage level
Parameters
policy-name: Name of the certificate attribute access control policy, a string of 1 to 16 characters.
Description
Use the ip https certificate access-control-policy command to associate the HTTPS service with a certificate attribute access control policy.
Use the undo ip https certificate access-control-policy command to remove the association.
By default, the HTTPS service is not associated with any certificate attribute access control policy.
Association of the HTTPS service with a certificate attribute access control policy can control the access rights of clients.
Related commands: display ip https (in HTTP in the Fundamentals Command Reference) and pki certificate access-control-policy (in PKI in the Security Command Reference).
Examples
# Associate the HTTPS server to certificate attribute access control policy myacl.
<Sysname> system-view
[Sysname] ip https certificate access-control-policy myacl
ip https enable
Syntax
ip https enable
undo ip https enable
View
System view
Default Level
3: Manage level
Parameters
None
Description
Use the ip https enable command to enable the HTTPS service.
Use the undo ip https enable command to disable the HTTPS service.
By default, the HTTPS service is disabled.
The device can act as the HTTP server and the users can access and control the device through the Web function only after the HTTP service is enabled.
Enabling of the HTTPS service triggers an SSL handshake negotiation process. During the process, if a local certificate of the device already exists, the SSL negotiation is successfully performed, and the HTTPS service can be started normally. If no local certificate exists, a certificate application process will be triggered by the SSL negotiation. Because the application process takes much time, the SSL negotiation often fails and the HTTPS service cannot be started normally. Therefore, execute the ip https enable command for multiple times to ensure normal startup of the HTTPS service.
Related commands: display ip https.
Examples
# Enable the HTTPS service.
<Sysname> system-view
[Sysname] ip https enable
ip https port
Syntax
ip https port port-number
undo ip https port
View
System view
Default Level
3: Manage level
Parameters
port-number: Port number of the HTTPS service, in the range 1 to 65535.
Description
Use the ip https port command to configure the port number of the HTTPS service.
Use the undo ip https port command to restore the default.
By default, the port number of the HTTPS service is 443.
This command does not check whether the configured port number conflicts with that of an existing service. Therefore, ensure that the port number is not used by another service before the configuration.
Related commands: display ip https.
Examples
# Configure the port number of the HTTPS service as 6000.
<Sysname> system-view
[Sysname] ip https port 6000
ip https ssl-server-policy
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
View
System view
Default Level
3: Manage level
Parameters
policy-name: Name of an SSL server policy, a string of 1 to 16 characters.
Description
Use the ip https ssl-server-policy command to associate the HTTPS service with an SSL server-end policy.
Use the undo ip https ssl-server-policy to remove the association between the HTTPS service and an SSL server-end policy.
By default, the HTTPS service is not associated with any SSL server-end policy.
The HTTPS service can be enabled only after this command is configured successfully.
You cannot modify an SSL server-end policy or remove the association between the HTTPS service and an SSL server-end policy after the HTTPS service is enabled.
Related commands: display ip https (in HTTP in the Fundamentals Command Reference) and ssl server-policy (in SSL in the Security Command Reference).
Examples
# Configure the HTTPS service to use SSL server-end policy myssl.
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
