The http acl command configures an ACL/ACL6 on the HTTPS server.
The undo http acl command deletes the ACL/ACL6 on the HTTPS server.
By default, no ACL/ACL6 is configured on the HTTPS server.
HTTPS IPv4:
http acl acl-number
undo http acl
HTTPS IPv6:
http ipv6 acl acl6-number
undo http ipv6 acl
| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the ACL number for an HTTP IPv4 server. | The value is an integer that ranges from 2000 to 3999. |
| acl6-number | Specifies the ACL6 number for an HTTP IPv6 server. |
The value is an integer that ranges from 2000 to 3999. |
Usage Scenario
To ensure the security of an HTTPS server, you need to configure an ACL/ACL6 for it to specify clients that can log in to the current HTTPS server.
Precautions
The http acl command takes effect only after you run the rule command to configure the ACL/ACL6 rule.
After an ACL/ACL6 rule is modified, the HTTPS server does not forcibly log out an online user who matches the ACL/ACL6 rule until the user sends the next login request.
If the http acl command is configured several times, only the latest configuration takes effect.
# Set the ACL number to 2000 for the HTTPS IPv4 server.
<HUAWEI> system-view [HUAWEI] acl 2000 [HUAWEI-acl-basic-2000] rule 1 permit source 10.1.1.1 0 [HUAWEI-acl-basic-2000] quit [HUAWEI] http acl 2000
# Set the ACL6 number to 2000 for the HTTPS IPv6 server.
<HUAWEI> system-view [HUAWEI] acl ipv6 2000 [HUAWEI-acl6-basic-2000] rule 1 permit source fc00:1::1 128 [HUAWEI-acl6-basic-2000] quit [HUAWEI] http ipv6 acl 2000