Login
- Table of Contents
-
- 05-Network Connectivity
- 00-Preface
- 01-MAC address table commands
- 02-Ethernet link aggregation commands
- 03-VLAN commands
- 04-Loop detection commands
- 05-Spanning tree commands
- 06-LLDP commands
- 07-Layer 2 forwarding commands
- 08-L2TP commands
- 09-ARP commands
- 10-IP addressing commands
- 11-DHCP commands
- 12-DHCP snooping commands
- 13-DHCPv6 commands
- 14-DHCPv6 snooping commands
- 15-DNS commands
- 16-HTTP commands
- 17-IP forwarding basics commands
- 18-Fast forwarding commands
- 19-Adjacency table commands
- 20-IP performance optimization commands
- 21-IPv6 basics commands
- 22-IPv6 neighbor discovery commands
- 23-IPv6 fast forwarding commands
- 24-NAT commands
- 25-Basic IP routing commands
- 26-Static routing commands
- 27-RIP commands
- 28-OSPF commands
- 29-Policy-based routing commands
- 30-IPv6 policy-based routing commands
- 31-IPv6 static routing commands
- 32-RIPng commands
- 33-GRE commands
- 34-IGMP snooping commands
- 35-MLD snooping commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 16-HTTP commands | 69.91 KB |
HTTP commands
display ip http
Use display ip http to display HTTP service configuration and status information.
Syntax
display ip http
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display HTTP service configuration and status information.
<Sysname> display ip http
HTTP port: 80
Basic ACL: 2222
HTTP status: Enabled
Table 1 Command output
|
Field |
Description |
|
HTTP port |
HTTP service port number. |
|
Basic ACL |
ACL used to control HTTP access. If no ACL is used, this field displays 0. |
|
HTTP status |
Whether the HTTP service is enabled. |
Related commands
ip http acl
ip http enable
ip http port
display ip https
Use display ip https to display HTTPS service configuration and status information.
Syntax
display ip https
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display HTTPS service configuration and status information.
<Sysname> display ip https
HTTPS port: 443
SSL server policy: test
Certificate access control policy: Not configured
Basic ACL: 2222
HTTPS status: Enabled
Table 2 Command output
|
Field |
Description |
|
HTTPS port |
HTTPS service port number. |
|
SSL server policy |
SSL server policy applied to the HTTPS service. If no SSL server policy is applied, this field displays Not configured. |
|
Certificate access-control-policy |
Certificate-based access control policy used to control client access rights. If no certificate-based access control policy is used, this field displays Not configured. |
|
Basic ACL |
ACL used to control HTTPS access. If no ACL is used, this field displays 0. |
|
HTTPS status |
Whether the HTTPS service is enabled. |
Related commands
ip https acl
ip https certificate access-control-policy
ip https enable
ip https port
ip https ssl-server-policy
ip http acl
Use ip http acl to apply an ACL to the HTTP service.
Use undo ip http acl to restore the default.
Syntax
ip http acl { acl-number | name acl-name }
undo ip http acl
Default
No ACL is applied to the HTTP service.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Only clients permitted by the applied ACL can access the device through HTTP.
Examples
# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTP.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ip http acl 2001
Related commands
acl (ACL and QoS Command Reference)
ip http enable
Use ip http enable to enable the HTTP service.
Use undo ip http enable to disable the HTTP service.
Syntax
ip http enable
undo ip http enable
Default
The HTTP service is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To allow users to access the device through HTTP, you must enable the HTTP service.
To improve device security, the system automatically enables the HTTPS service when you enable the HTTP service. When the HTTP service is enabled, you cannot disable the HTTPS service.
Examples
# Enable the HTTP service.
<Sysname> system-view
[Sysname] ip http enable
Related commands
ip https enable
ip http port
Use ip http port to specify the HTTP service port number.
Use undo ip http port to restore the default.
Syntax
ip http port port-number
undo ip http port
Default
The HTTP service port number is 80.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When the HTTP service is enabled, changing the HTTP service port number re-enables the HTTP service and closes all HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.
Examples
# Set the HTTP service port number to 80.
<Sysname> system-view
[Sysname] ip http port 80
ip https acl
Use ip https acl to apply an ACL to the HTTPS service.
Use undo ip https acl to restore the default.
Syntax
ip https acl { acl-number | name acl-name }
undo ip https acl
Default
No ACL is applied to the HTTP service.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.
Usage guidelines
To access the device, HTTPS clients must be permitted by the ACL applied to the HTTPS service.
Because the device always uses HTTPS to transfer Web login requests, the ACL applied to the HTTPS service controls both HTTPS and HTTP logins. To access the device, HTTP clients must be permitted by the following ACLs:
· ACL applied to the HTTP service.
· ACL applied to the HTTPS service.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTPS or HTTP.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ip https acl 2001
Related commands
acl (ACL and QoS Command Reference)
ip https certificate access-control-policy
Use ip https certificate access-control-policy to apply a certificate-based access control policy to control HTTPS access.
Use undo ip https certificate access-control-policy to restore the default.
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
Default
No certificate-based access control policy is applied for HTTPS access control.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a certificate-based access control policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
For more information about the certificate-based access control policy, see PKI configuration in Security Configuration Guide.
Examples
# Use certificate-based access control policy myacl to control HTTPS access.
<Sysname> system-view
[Sysname] ip https certificate access-control-policy myacl
Related commands
pki certificate access-control-policy (Security Command Reference)
ip https enable
Use ip https enable to enable the HTTPS service.
Use undo ip https enable to disable the HTTPS service.
Syntax
ip https enable
undo ip https enable
Default
The HTTPS service is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To allow users to access the device through HTTPS, you must enable the HTTPS service.
Enabling the HTTPS service triggers the SSL handshake negotiation process.
· If the device has a local certificate, the SSL handshake negotiation succeeds and the HTTPS service starts up.
· If the device does not have a local certificate, the certificate application process starts. Because the certificate application process takes a long time, the SSL handshake negotiation might fail and the HTTPS service might not be started. To solve the problem, execute this command again until the HTTPS service is enabled.
Examples
# Enable the HTTPS service.
<Sysname> system-view
[Sysname] ip https enable
Related commands
ip https certificate access-control-policy
ip https ssl-server-policy
ip https port
Use ip https port to specify the HTTPS service port number.
Use undo ip https port to restore the default.
Syntax
ip https port port-number
undo ip https port
Default
The HTTPS service port number is 443.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When the HTTPS service is enabled, changing the HTTPS service port number re-enables the HTTPS service and closes all HTTPS and HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.
Examples
# Set the HTTPS service port number to 8080.
<Sysname> system-view
[Sysname] ip https port 8080
ip https ssl-server-policy
Use ip https ssl-server-policy to apply an SSL server policy to control HTTPS access.
Use undo ip https ssl-server-policy to restore the default.
Syntax
ip https ssl-server-policy policy-name
undo ip https ssl-server-policy
Default
No SSL server policy is applied. The HTTPS service uses a self-signed certificate.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters.
Usage guidelines
If the HTTP service and HTTPS service are enabled, changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again.
To restore the default, you must disable HTTP and HTTPS, execute the undo ip https ssl-server-policy command, and then enable HTTP and HTTPS again.
Examples
# Apply SSL server policy myssl to the HTTPS service.
<Sysname> system-view
[Sysname] ip https ssl-server-policy myssl
Related commands
ssl server-policy (Security Command Reference)
