CloudEngine S8700 V600R022C00 Command Reference
Web UI-based Login Configuration Commands
- display web-manager
- web-manager captcha enable
- web-manager enable
- web-manager http forward enable
- web-manager lock-ip
- web-manager max-user-number
- web-manager security ca-certificate
- web-manager security non-existent-url enable
- web-manager security server-certificate
- web-manager security verify-ssl-peer
- web-manager server-source
- web-manager server-source -a
- web-manager slow-attack check
- web-manager timeout
- web-manager warning-banner
- web-manager warning-banner enable
display web-manager
Function
The display web-manager command displays information about a web server and web UI administrators.
Parameters
Parameter | Description | Value |
---|---|---|
configuration | Displays web server configuration. | - |
users | Displays online web UI administrator information. | - |
brief | Displays online web UI administrator brief information. | - |
Usage Guidelines
To display information about a web server and web UI administrators, run the display web-manager command.
Example
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display web-manager configuration
-----------------------------------------------------
Webm server enable : true
Webm server https port : 8443
Webm server http forward enable : true
Webm server time out : 600
Webm server max user num : 10
Webm server lock ip enable : true
Webm server lock ip retry interval: 15
Webm server lock ip retry time : 16
Webm server lock ip block time : 5
Webm server captcha enable : false
-----------------------------------------------------
<HUAWEI> display web-manager configuration
-----------------------------------------------------
Webm server enable : true
Webm server https port : 8443
Webm server http forward enable : true
Webm server time out : 600
Webm server max user num : 10
Webm server lock ip enable : false
Webm server lock ip retry interval: -
Webm server lock ip retry time : -
Webm server lock ip block time : -
Webm server captcha enable : false
-----------------------
<HUAWEI> display web-manager users
---------------------------------------------------------------------
UserName Level UserIp LoginTime
---------------------------------------------------------------------
test1 15 1.1.1.1 2020/04/10 17:20:30
test2 3 1.1.1.2 2020/04/10 17:20:34
---------------------------------------------------------------------
<HUAWEI> display web-manager users brief
---------------------------------------------------
UserName CurOnline
---------------------------------------------------
test1 2
test2 3
---------------------------------------------------
Total online administator: 2, Total online web users: 5
Item | Description |
---|---|
Webm server enable | Whether the web service function is enabled. |
Webm server https port | The listening port number for the web server. |
Webm server http forward enable | Whether to enable the function of forcibly converting HTTP to HTTPS. |
Webm server time out | The timeout period for the web user interface (UI). |
Webm server max user num | The maximum number of web users. |
Webm server lock ip enable | Whether the web service lock ip function is enabled. |
Webm server lock ip retry interval | The retry interval of web service lock ip function. |
Webm server lock ip retry time | The retry time of web service lock ip function. |
Webm server lock ip block time | The lock time of web service lock ip function. |
Webm server captcha enable | Whether the web service captcha function is enabled. |
UserName | Name of an administrator. |
Level | Administrator level. |
UserIp | IP address that an administrator uses to log in to the device. |
LoginTime | Date and time when an administrator logged in to the device. |
CurOnline | Number of online users with the same account. |
Total online administator | Total number of online administrators. |
Total online web users | Total number of online web users. |
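
The following is an added example, not Huawei's code. It audits captured display web-manager configuration output against the login protections this page documents as defaults: IP lockout enabled with at most 16 consecutive failures, CAPTCHA enabled, and HTTP forcibly converted to HTTPS. The sample text is constructed, and the function names, finding ids and messages are assumptions of this example.

```python
import re

# Constructed sample in the layout of `display web-manager configuration` above.
SAMPLE = """\
Webm server enable                : true
Webm server https port            : 8443
Webm server http forward enable   : true
Webm server time out              : 600
Webm server max user num          : 10
Webm server lock ip enable        : false
Webm server lock ip retry interval: -
Webm server lock ip retry time    : -
Webm server lock ip block time    : -
Webm server captcha enable        : false
"""

LINE = re.compile(r"^\s*Webm server (.+?)\s*:\s*(\S+)\s*$")
DEFAULT_RETRY_TIME = 16  # documented default for web-manager lock-ip retry-time
MESSAGES = {  # finding ids and wording are this example's own, not device output
    "lock-ip-off": "IP lockout disabled: failed logins never block the source IP",
    "lock-ip-loose": "IP lockout allows more failures than the documented default of 16",
    "captcha-off": "CAPTCHA check disabled: weaker resistance to password guessing",
    "http-forward-off": "HTTP is not forcibly converted to HTTPS",
}

def parse_config(text):
    """Map each 'Webm server <item> : <value>' line to {item: value}."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit(cfg):
    """Return finding ids for login protections that are switched off or loosened."""
    if cfg.get("enable") != "true":
        return []  # web server function disabled, nothing is exposed
    found = []
    if cfg.get("lock ip enable") != "true":
        found.append("lock-ip-off")
    else:
        tries = cfg.get("lock ip retry time", "")
        if tries.isdigit() and int(tries) > DEFAULT_RETRY_TIME:
            found.append("lock-ip-loose")
    if cfg.get("captcha enable") != "true":
        found.append("captcha-off")
    if cfg.get("http forward enable") != "true":
        found.append("http-forward-off")
    return found

if __name__ == "__main__":
    for fid in audit(parse_config(SAMPLE)):
        print(f"{fid}: {MESSAGES[fid]}")
```

The parser tolerates both aligned and single-space layouts, so output saved from a device session can be passed to parse_config unchanged.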
web-manager captcha enable
Function
The web-manager captcha enable command enables the CAPTCHA code check function of the Web server authentication page.
The undo web-manager captcha enable command disables the CAPTCHA code check function of the Web server authentication page.
By default, the CAPTCHA code check function of the Web server authentication page is enabled.
Usage Guidelines
To configure the CAPTCHA code check function, run the web-manager captcha enable command.
Example
<HUAWEI> system-view
[HUAWEI] web-manager captcha enable
<HUAWEI> system-view
[HUAWEI] undo web-manager captcha enable
Warning: Disabling the verification code will reduce the system's anti-brute force cracking capability. Continue? [Y/N]:Y
web-manager enable
Function
The web-manager enable command enables the web server function on a device.
The undo web-manager enable command disables the web server function on a device.
The device enables ports 80 and 8443 to provide the HTTPS service by default.
Parameters
Parameter | Description | Value |
---|---|---|
port port-number | Specifies the listening port number for the web server. | The value is 443 or an integer ranging from 1025 to 50000. The default value is 8443. |
web-manager http forward enable
Function
The web-manager http forward enable command enables the function of forcibly converting HTTP to HTTPS.
The undo web-manager http forward enable command disables this function.
By default, the function of forcibly converting HTTP to HTTPS is enabled.
web-manager lock-ip
Function
The web-manager lock-ip command enables the IP address lockout function and sets the IP address retry interval, maximum number of consecutive login failures, and IP address lockout duration.
The undo web-manager lock-ip command disables the IP address lockout function.
By default, the IP address lockout function is enabled, the IP address retry interval is 15 minutes, the maximum number of consecutive login failures is 16, and the lockout duration is 5 minutes.
Format
web-manager lock-ip retry-interval retry-interval retry-time retry-time block-time block-time
undo web-manager lock-ip
Parameters
Parameter | Description | Value |
---|---|---|
retry-interval retry-interval | IP address retry interval, in minutes. | The value is an integer that ranges from 5 to 65535. |
retry-time retry-time | Maximum number of consecutive IP address login failures. | The value is an integer that ranges from 3 to 65535. |
block-time block-time | IP address lockout duration, in minutes. | The value is an integer that ranges from 5 to 65535. |
web-manager max-user-number
Function
The web-manager max-user-number command sets the maximum number of web users.
The undo web-manager max-user-number command restores the default setting.
By default, the maximum number of web users is 200.
web-manager security ca-certificate
Function
The web-manager security ca-certificate command specifies the CA certificate used by the device to authenticate the client certificate.
The undo web-manager security ca-certificate command deletes the CA certificate specified for the device to authenticate the client certificate.
By default, the device has no CA certificate to authenticate the client certificate.
Format
web-manager security ca-certificate ca-certificate
undo web-manager security ca-certificate ca-certificate
Parameters
Parameter | Description | Value |
---|---|---|
ca-certificate ca-certificate | Specifies the name of a CA certificate. | The value is a string of 1 or 64 characters. |
Usage Guidelines
By default, the device has no CA certificate to authenticate the client certificate.
Before running the web-manager security ca-certificate command, apply for a CA certificate, upload it to the device storage, and import it to the memory. For details, see the pki import-certificate command. After running the web-manager security verify-ssl-peer command to enable bidirectional certificate authentication between the device and its client, the device uses the CA certificate specified in the web-manager security ca-certificate command to authenticate the client certificate.
web-manager security non-existent-url enable
Function
The web-manager security non-existent-url enable command enables the device to respond to nonexistent URLs.
The undo web-manager security non-existent-url enable command prevents the device from responding to nonexistent URLs.
By default, the function of responding to nonexistent URLs is disabled.
Format
web-manager security non-existent-url enable
undo web-manager security non-existent-url enable
web-manager security server-certificate
Function
The web-manager security server-certificate command specifies a certificate used for HTTPS login.
The undo web-manager security server-certificate command restores the default certificate used for HTTPS login.
By default, this function is not configured.
Format
web-manager security server-certificate server-certificate-file
undo web-manager security server-certificate
Parameters
Parameter | Description | Value |
---|---|---|
server-certificate server-certificate-file | Specifies the name of a certificate. | It must be the name of an existing certificate. |
Usage Guidelines
By default, when a client uses HTTPS to attempt to log in to a device, the device delivers a default certificate to the PC. The certificate is assigned by an unknown Certificate Authority (CA), so the PC cannot verify it and does not trust it, which leaves the PC vulnerable to attacks.
The device must have certificates and key files, and CA certificates must be imported into the client to verify the certificates delivered by the device.
web-manager security verify-ssl-peer
Function
The web-manager security verify-ssl-peer command enables bidirectional certificate authentication between the device and client.
The undo web-manager security verify-ssl-peer command disables bidirectional certificate authentication between the device and client.
By default, bidirectional certificate authentication is disabled.
Usage Guidelines
Unidirectional certificate authentication is implemented between the device and client. Specifically, the client authenticates the certificate of the device, and the device does not authenticate the certificate of the client.
After the web-manager security verify-ssl-peer command is run, when you log in to the device using HTTPS, the client sends its client certificate to the device and the device uses the CA certificate to authenticate the client certificate. The device displays the login page only when the authentication succeeds. Before running the web-manager security verify-ssl-peer command, apply for a CA certificate, upload it to the device storage, and import it to the memory. For details, see the pki import-certificate command. In addition, import the client certificate to the client browser. You also need to run the web-manager security ca-certificate command to configure the device to use the requested CA certificate to authenticate the client certificate.
web-manager server-source
Function
The web-manager server-source -i interface-type interface-num command specifies the source interface of the web server.
The undo web-manager server-source -i interface-type interface-num command deletes the source interface of the web server.
The web-manager server-source all-interface command specifies all valid interfaces as the source interfaces of the web server.
The undo web-manager server-source all-interface command cancels the configuration of all valid source interfaces of the web server.
By default, the management interface MEth 0/0/0 is specified as the source interface of a web server.
Format
web-manager server-source -i interface-type interface-num
web-manager server-source all-interface
undo web-manager server-source all-interface
undo web-manager server-source -i interface-type interface-num
Parameters
Parameter | Description | Value |
---|---|---|
interface-type | Specifies the type of an interface. | The interface type can be set to management interface or VLANIF interface. |
interface-num | Specifies the interface number. | It is a string of 1 to 63 characters. |
all-interface | Specifies all the interfaces that are configured with IP addresses on the device. | - |
-i | Specifies an interface. | - |
Usage Guidelines
The priority of the web-manager server-source all-interface command is higher than that of the web-manager server-source -i interface-type interface-num command. After the web-manager server-source all-interface command is configured, the undo web-manager server-source -i interface-type interface-num command configured later does not take effect.
web-manager server-source -a
Function
The web-manager server-source -a command specifies the source address for a web server.
The undo web-manager server-source -a command cancels the source address for a web server.
By default, no source address is specified for a web server.
Format
web-manager { ipv4 | ipv6 } server-source -a ip-address [ vpn-instance vpn-instance ]
undo web-manager { ipv4 | ipv6 } server-source -a ip-address [ vpn-instance vpn-instance ]
Parameters
Parameter | Description | Value |
---|---|---|
ipv4 | Specifies an IPv4 address. | - |
ipv6 | Specifies an IPv6 address. | - |
ip-address | Specifies an IP address. | The value is in dotted decimal notation or a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
vpn-instance vpn-instance | Specifies the name of a VPN instance. | The value is a string of 1 to 31 case-sensitive characters. The VPN instance name cannot be _public_. The character string can contain spaces if it is enclosed with double quotation marks ("). |
web-manager slow-attack check
Function
The web-manager slow-attack check command sets the parameters for checking HTTP slow attack packets on the web server.
The undo web-manager slow-attack check command restores the default parameters for checking HTTP slow attack packets on the web server.
By default, the value of content-length is 10000, the value of payload-length is 50, and the value of packet-number is 10.
Format
web-manager slow-attack check [ content-length content-length | payload-length payload-length | packet-number packet-number ] *
undo web-manager slow-attack check
Parameters
Parameter | Description | Value |
---|---|---|
content-length content-length | Specifies the length of the packet content. | The value is an integer ranging from 100 to 100000000. The default value is 10000. |
payload-length payload-length | Specifies the length of the payload. | The value is an integer ranging from 1 to 1000. The default value is 50. |
packet-number packet-number | Specifies the number of abnormal packets. | The value is an integer ranging from 1 to 1000. The default value is 10. |
Usage Guidelines
After the web-manager slow-attack check command is run, if the length of an HTTP packet header is larger than content-length and the payload length is smaller than payload-length, the packet is regarded as abnormal. If the number of abnormal packets reaches packet-number, the device cuts off the connection.
web-manager timeout
Function
The web-manager timeout command sets the timeout period for the web user interface (UI).
The undo web-manager timeout command restores the default timeout period for the web UI.
By default, the timeout period is 10 minutes.
Parameters
Parameter | Description | Value |
---|---|---|
timeout time-out | Specifies the timeout period for the web UI. | The value is an integer ranging from 1 to 1440, in minutes. The default value is 10. |
web-manager warning-banner
Function
The web-manager warning-banner command configures warning information on the login of a web administrator.
The undo web-manager warning-banner command restores the default warning information.
By default, the warning information is as follows: WARNING! Unauthorized use of the device is strictly prohibited and may be subject to criminal prosecution. Accept, Enter the system; Reject, Withdraw from the system; If nothing is selected, you will not be allowed to access the system.
Format
web-manager warning-banner { chinese | english } description-text
undo web-manager warning-banner { chinese | english }
Parameters
Parameter | Description | Value |
---|---|---|
chinese | Indicates warning information in Chinese. After the encoding mode of the device is switched to UTF-8, this parameter is unavailable. | - |
english | Indicates warning information in English. | - |
description-text | Specifies warning information. | The value is a string of 1 to 400 case-sensitive characters and can contain spaces. |
Usage Guidelines
After using the web-manager warning-banner enable command to enable the function of displaying the warning information on web administrators, you can use this command to set warning information on the login of a web administrator.
Example
<HUAWEI> system-view
[HUAWEI] web-manager warning-banner english Unauthorized use of the device is strictly prohibited and may be subject to criminal prosecution
web-manager warning-banner enable
Function
The web-manager warning-banner enable command enables the function of displaying the warning information on web administrators.
The undo web-manager warning-banner enable command disables the function.
By default, the function is disabled.
Usage Guidelines
After the function of displaying the warning information on web administrators is enabled, when a web administrator enters the user name and password on the web UI, the system will display the warning information set using the web-manager warning-banner command to notify the administrator of the results caused by the unauthorized use of the device. The administrator can log in only after clicking OK.