Step

Command

Remarks

3.Create rules for this ACL.

rule [ rule-id] { deny permit }

[ counting fragment logging

source { sour-addr sour-wildcard N/A any } time-range

time-range-name vpn-instancevpn-instance-name ] *

4.

Exit the basic ACL view.

quit

N/A

 

 

 

 

5.

Associate the HTTP service

ip http acl acl-number

Configure either or both of the

 

with the ACL.

commands.

 

 

 

 

 

HTTP login and HTTPS login are

6.

Associate the HTTPS service

 

ip https acl acl-number

separate login methods. To use

 

with the ACL.

HTTPS login, you do not need to

 

 

 

 

 

configure HTTP login.

 

 

 

 

Logging off online Web users

Task

Command

Remarks

Display the current login users.

display web users

Available in user interface view.

Log off online Web users.

free web-users { all user-id

Available in user interface view.

user-id user-nameuser-name }

 

Web login control configuration example

Network requirements

Configure the firewall in Figure 80 to provide Web access service only to Host B.

Figure 80 Network diagram

Host A

10.110.100.46

IP network

Firewall

Host B

10.110.100.52

Configuration procedure

# Create ACL 2030, and configure rule 1 to permit packets sourced from Host B.

<Firewall> system-view

[Firewall] acl number 2030 match-order config [Firewall-acl-basic-2030] rule 1 permit source 10.110.100.52 0

#Associate the ACL with the HTTP service so only the Web users on Host B can access the firewall.

119