R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
119
To do… Use the command…
Remarks
Create a basic ACL and enter its
view, or enter the view of an
existing basic ACL
acl [ ipv6 ] number acl-number
[ match-order { config | auto } ]
Required
By default, no basic ACL exists.
Create rules for this ACL
rule [ rule-id ] { permit | deny }
[ source { sour-addr sour-wildcard
| any } | time-range time-name |
fragment | logging ]*
Required
Exit the basic ACL view
quit —
Associate the HTTP service with the
ACL
ip http acl acl-number
Required
Use either command.
Associate the HTTPS service with
the ACL
ip https acl acl-number
Logging off online web users
Follow this step to log off online web users:
To do… Use the command…
Remarks
Log off online web users
free web-users { all | user-id
user-id | user-name user-name }
Required
Execute the command in user interface
view.
Source IP-based login control over web users configuration example
1. Network requirements
As shown in Figure 73, c
onfigure the Firewall to allow only web users from Host B to access.
Figure 73 Network diagram for configuring source IP-based login control over web users
2. Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B.
<Firewall > system-view
[Firewall] acl number 2030 match-order config
[Firewall-acl-basic-2030] rule 1 permit source 10.110.100.52 0
# Associate the ACL with the HTTP service so that only web users from Host B are allowed to access the
Firewall.