Configures HTTP to use an ACL rule for access control.
add | Specifies that an ACL rule is to be added to the website. |
rule | Specifies an ACL rule. |
first | Specifies that the new rule is to be added before all other rules. |
before | Specifies that the new rule is to be added before a previous rule. |
after | Specifies that the new rule is to be added after a previous rule. |
previous_rule | Specifies an existing rule in the application. |
delete | Specifies that one particular rule is to be deleted. |
none | Specifies that all the rules or a policy file is to be deleted. |
N/A.
You must be logged in as administrator to configure HTTP parameters.
Use this command to restrict HTTP access by adding an ACL rule to the HTTP application. Once an ACL is associated with HTTP, all the packets that reach a HTTP module are evaluated with this ACL and appropriate action (permit or deny) is taken, as is done using policy files.
The permit or deny counters are also updated accordingly regardless of whether the ACL is configured to add counters. To display counter statistics, use the tftp put http command.
Only the following match conditions and actions are copied to the client memory. Others that may be in the rule are not copied.
Match conditions
Actions
When adding a new rule, use the first, before, and after previous_rule parameters to position it within the existing rules.
If the SNMP traffic does not match any of the rules, the default behavior is permit. To deny SNMP traffic that does not match any of the rules, add a deny all rule at the end or the rule list.
The following example copies the ACL rule, DenyAccess to the HTTP application in first place:
configure web http access-profile add DenyAccess first
The following example removes the association of the ACL rule DenyAccess from the HTTP application:
configure web http access-profile delete DenyAccess
The following example removes the association of all ACL rules from the HTTP application:
configure web http access-profile none
This command was first available in ExtremeXOS 12.5.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.