7-6
z Applying the ACL to control Web users
Prerequisites
The controlling policy against Web users is determined, including the source IP addresses to be
controlled and the controlling actions (permitting or denying).
Controlling Web Users by Source IP Addresses
Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are
numbered from 2000 to 2999.
Follow these steps to control Web users by source IP addresses:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a basic ACL or
enter basic ACL view
acl number acl-number
[ match-order { config | auto } ]
As for the acl number command,
the config keyword is specified by
default.
Define rules for the
ACL
rule [ rule-id ] { deny | permit }
[ rule-string ]
Required
Quit to system view
quit
—
Apply the ACL to
control Web users
ip http acl acl-number
Optional
By default, no ACL is applied for
Web users.
Disconnecting a Web User by Force
The administrator can disconnect a Web user by force using the related commands.
Follow these steps to disconnect a Web user by force:
To do… Use the command… Remarks
Disconnect a Web user
by force
free web-users { all | user-id
user-id | user-name user-name }
Required
Execute this command in user view.
Configuration Example
Network requirements
As shown in Figure 7-3, only the Web users sourced from the IP address of 10.110.100.52 are permitted
to access the switching engine.
Figure 7-3 Network diagram for controlling Web users using ACLs
