F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Getting Started Command Reference-6PW100
37
For Web access security, do not use this feature in production environments.
This command is not saved to the configuration file and cannot survive a reboot.
Examples
# Specify a fixed verification code for Web login
<Sysname> web captcha test
web https-authorization mode
Use web https-authorization mode to specify the authentication mode for users trying to log in to the
device through HTTPS.
Use undo web https-authorization mode to restore the default.
Syntax
web https-authorization mode { auto | manual }
undo web https-authorization mode
Default
A user must enter correct username and password to log in through HTTPS.
Views
System view
Default command level
2: System level
Parameters
auto: Uses the PKI certificates of HTTPS users to automatically authenticate them.
manual: Provides a login page for HTTPS users to enter the correct username and password.
Usage guidelines
When the auto mode is enabled:
• If the PKI certificate of the user is correct and not expired, the CN field in the certificate is used as
the username to perform AAA authentication. If the authentication succeeds, the user automatically
enters the Web interface of the device.
• If the PKI certificate of the user is correct and not expired, but the AAA authentication fails, the
device shows the Web login page. The user can log in to the device after entering correct username
and password.
• When the PKI certificate of the user is incorrect or expired, the HTTPS connection is terminated.
Examples
# Specify the auto authentication mode for users trying to log in to the device through HTTPS.
<Sysname> system-view
[Sysname] web https-authorization mode auto
web idle-timeout
Use web idle-timeout to set the Web user connection timeout time.
Use undo web idle-timeout to restore the default.