Netsh Commands for Hypertext Transfer Protocol (HTTP)

Applies To: Windows Server 2008

You can use commands in the netsh http context to configure properties of the HTTP service. The Netsh commands for HTTP can be run manually at the netsh prompt or in scripts and batch files.

To run these commands from the command prompt, you must either enter the netsh http context or prepend the context to the command. For example, if you are at the command prompt but have not typed netsh and then http to enter the netsh http context, you must type:

netsh http command

Where command is the command that you want to run, including all of the required parameters for the command.

This section contains the following commands.

  • add iplisten

  • add sslcert

  • add timeout

  • add urlacl

  • delete cache

  • delete iplisten

  • delete sslcert

  • delete timeout

  • delete urlacl

  • flush logbuffer

  • show cachestate

  • show iplisten

  • show servicestate

  • show sslcert

  • show timeout

  • show urlacl

For information on how to interpret netsh command syntax, see Formatting Legend.

Netsh http commands

The following entries provide details for each command.

add iplisten

Adds a new IP address to the IP listen list. This does not include the port number.

Syntax

add iplisten [ ipaddress= ] IPAddress

Parameters

  • ipaddress
    Required. The IPv4 or IPv6 address to be added to the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds. "0.0.0.0" means any IPv4 address and "::" means any IPv6 address.

Examples

Following are four examples of the add iplisten command.

add iplisten ipaddress=fe80::1

add iplisten ipaddress=1.1.1.1

add iplisten ipaddress=0.0.0.0

add iplisten ipaddress=::

add sslcert

Adds a new SSL server certificate binding and corresponding client certificate policies for an IP address and port.

Syntax

add sslcert [ ipport= ] IPAddress:port [ certhash= ] CertHash [ appid= ] GUID [ [ certstorename= ] CertStoreName [ verifyclientcertrevocation= ] enable | disable [ verifyrevocationwithcachedclientcertonly= ] enable | disable [ usagecheck= ] enable | disable [ revocationfreshnesstime= ] U-Int [ urlretrievaltimeout= ] U-Int [ sslctlidentifier= ] SSLCTIdentifier [ sslctlstorename= ] SSLCtStoreName [ dsmapperusage= ] enable | disable [ clientcertnegotiation= ] enable | disable ] ]

Parameters

  • ipport
    Required. Specifies the IP address and port for the binding. A colon character (:) is used as a delimiter between the IP address and the port number.
  • certhash
    Required. Specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string.
  • appid
    Required. Specifies the GUID to identify the owning application.
  • certstorename
    Optional. Specifies the store name for the certificate. Defaults to MY. Certificate must be stored in the local machine context.
  • verifyclientcertrevocation
    Optional. Turns verification of revocation of client certificates on or off.
  • verifyrevocationwithcachedclientcertonly
    Optional. Specifies whether using only cached client certificates for revocation checking is enabled or disabled.
  • usagecheck
    Optional. Specifies whether the usage check is enabled or disabled. Default is enabled.
  • revocationfreshnesstime
    Optional. Specifies the time interval, in seconds, to check for an updated certificate revocation list (CRL). If this value is zero, then the new CRL is updated only if the previous one expires.
  • urlretrievaltimeout
    Optional. Specifies the timeout interval (in milliseconds) for the attempt to retrieve the certificate revocation list from the remote URL.
  • sslctlidentifier
    Optional. Specifies the list of the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the computer.
  • sslctlstorename
    Optional. Specifies the certificate store name under LOCAL_MACHINE where SslCtlIdentifier is stored.
  • dsmapperusage
    Optional. Specifies whether DS mappers are enabled or disabled. Default is disabled.
  • clientcertnegotiation
    Optional. Specifies whether the negotiation of certificate is enabled or disabled. Default is disabled.

Examples

Following is an example of the add sslcert command.

add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
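
The parameter rules above (a 20-byte hexadecimal certhash, address:port syntax, a certificate in the local machine context) can be checked before netsh is called. This is an added example, not part of the original reference; the function name New-SslCertBindingArgs and its -RequireCertInStore switch are hypothetical.

```powershell
# Added example: validate add sslcert inputs, then build the netsh arguments.
function New-SslCertBindingArgs {
    param(
        [Parameter(Mandatory)] [string] $IpPort,
        [Parameter(Mandatory)] [string] $CertHash,
        [Parameter(Mandatory)] [guid]   $AppId,
        [string] $CertStoreName = 'MY',
        [switch] $RequireCertInStore   # hypothetical switch: also check the store
    )

    # certhash: 20 bytes written as a hexadecimal string, so exactly 40 hex digits.
    # Whitespace from a copied thumbprint is removed first.
    $hash = ($CertHash -replace '\s', '').ToUpperInvariant()
    if ($hash -notmatch '^[0-9A-F]{40}$') {
        throw "certhash must be 40 hexadecimal digits: '$CertHash'"
    }

    # ipport: IPv4 or bracketed IPv6 address, a colon, then the port number.
    if ($IpPort -notmatch '^(?<addr>\[[^\]]+\]|[^:\[\]]+):(?<port>\d{1,5})$') {
        throw "ipport must look like 1.1.1.1:443 or [::]:443: '$IpPort'"
    }
    $addr = $Matches['addr'] -replace '[\[\]]', ''
    $port = [int] $Matches['port']
    $parsed = $null
    if (-not ([System.Net.IPAddress]::TryParse($addr, [ref] $parsed)) -or
        $port -lt 1 -or $port -gt 65535) {
        throw "ipport has an invalid address or port: '$IpPort'"
    }

    # The certificate must be in the local machine context, not a user store.
    if ($RequireCertInStore -and
        -not (Test-Path "Cert:\LocalMachine\$CertStoreName\$hash")) {
        throw "no certificate $hash in LocalMachine\$CertStoreName"
    }

    # appid is built as a quoted string: unquoted { } is script-block syntax in PowerShell.
    return @("ipport=$IpPort", "certhash=$hash", "appid={$AppId}",
             "certstorename=$CertStoreName")
}

# Values from the example above; no such certificate is expected to exist locally.
$bindArgs = New-SslCertBindingArgs -IpPort '1.1.1.1:443' `
    -CertHash '0102030405060708090A0B0C0D0E0F1011121314' `
    -AppId '00112233-4455-6677-8899-AABBCCDDEEFF'
"netsh http add sslcert $($bindArgs -join ' ')"
# On a real host (elevated prompt), pass -RequireCertInStore and then run:
#   & netsh.exe http add sslcert @bindArgs
```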

add timeout

Adds a global timeout to the service.

Syntax

add timeout [ timeouttype= ] IdleConnectionTimeout | HeaderWaitTimeout [ value= ] U-Short

Parameters

  • Timeouttype
    Type of timeout for setting.
  • Value
    Value of the timeout (in seconds). If value is in hexadecimal notation, then add the prefix 0x.

Examples

Following are two examples of the add timeout command.

add timeout timeouttype=idleconnectiontimeout value=120

add timeout timeouttype=headerwaittimeout value=0x40

add urlacl

Adds a Uniform Resource Locator (URL) reservation entry. This command reserves the URL for non-administrator users and accounts. The DACL can be specified by using an NT account name with the listen and delegate parameters or by using an SDDL string.

Syntax

add urlacl [ url= ] URL [ [user=] User [ [ listen= ] yes | no [ delegate= ] yes | no ] | [ sddl= ] SDDL ]

Parameters

  • url
    Required. Specifies the fully qualified Uniform Resource Locator (URL).
  • user
    Required. Specifies the user or user-group name.
  • listen
    Optional. Specifies one of the following values: yes: Allow the user to register URLs. This is the default value. no: Deny the user from registering URLs.
  • delegate
    Optional. Specifies one of the following values: yes: Allow the user to delegate URLs. no: Deny the user from delegating URLs. This is the default value.
  • sddl
    Optional. Specifies an SDDL string that describes the DACL.

Examples

Following are four examples of the add urlacl command.

add urlacl url=https://+:80/MyUri user=DOMAIN\user

add urlacl url=https://www.contoso.com:80/MyUri user=DOMAIN\user listen=yes

add urlacl url=https://www.contoso.com:80/MyUri user=DOMAIN\user delegate=no

add urlacl url=https://+:80/MyUri sddl=...

delete cache

Deletes all entries or the specified entry from the HTTP service kernel URI cache.

Syntax

delete cache [ [ url= ] URL [ [ recursive= ] yes | no ] ]

Parameters

  • url
    Optional. Specifies the fully qualified Uniform Resource Locator (URL) that you want to delete.
  • recursive
    Optional. Specifies whether all entries under the specified url cache are removed. yes: all entries are removed. no: all entries are not removed.

Examples

Following are two examples of the delete cache command.

delete cache url=https://www.contoso.com:80/myresource/ recursive=yes

delete cache

delete iplisten

Deletes an IP address from the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds.

Syntax

delete iplisten [ ipaddress= ] IPAddress

Parameters

  • ipaddress
    Required. The IPv4 or IPv6 address to be deleted from the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds. "0.0.0.0" means any IPv4 address and "::" means any IPv6 address. This does not include the port number.

Examples

Following are four examples of the delete iplisten command.

delete iplisten ipaddress=fe80::1

delete iplisten ipaddress=1.1.1.1

delete iplisten ipaddress=0.0.0.0

delete iplisten ipaddress=::

delete sslcert

Deletes SSL server certificate bindings and corresponding client certificate policies for an IP address and port.

Syntax

delete sslcert [ ipport= ] IPAddress:port

Parameters

  • ipport
    Required. Specifies the IPv4 or IPv6 address and port for which the SSL certificate bindings will be deleted. A colon character (:) is used as a delimiter between the IP address and the port number.

Examples

Following are three examples of the delete sslcert command.

delete sslcert ipport=1.1.1.1:443

delete sslcert ipport=0.0.0.0:443

delete sslcert ipport=[::]:443

delete timeout

Deletes a global timeout and makes the service revert to default values.

Syntax

delete timeout [ timeouttype= ] idleconnectiontimeout | headerwaittimeout

Parameters

  • timeouttype
    Required. Specifies the type of timeout for setting.

Examples

Following are two examples of the delete timeout command.

delete timeout timeouttype=idleconnectiontimeout

delete timeout timeouttype=headerwaittimeout

delete urlacl

Deletes a URL reservation.

Syntax

delete urlacl [ url= ] URL

Parameters

  • url
    Required. Specifies the fully qualified Uniform Resource Locator (URL) that you want to delete.

Examples

Following are two examples of the delete urlacl command.

delete urlacl url=https://+:80/MyUri

delete urlacl url=https://www.contoso.com:80/MyUri

flush logbuffer

Flushes the internal buffers for the logfiles.

Syntax

flush logbuffer

show cachestate

Lists cached URI resources and their associated properties. This command lists all resources and their associated properties that are cached in HTTP response cache or displays a single resource and its associated properties.

Syntax

show cachestate [ [url= ] URL]

Parameters

  • url
    Optional. Specifies the fully qualified URL that you want to display. If unspecified, displays all URLs. The URL could also be a prefix to registered URLs.

Examples

Following are two examples of the show cachestate command.

show cachestate url=https://www.contoso.com:80/myresource

show cachestate

show iplisten

Displays all IP addresses in the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds. "0.0.0.0" means any IPv4 address and "::" means any IPv6 address.

Syntax

show iplisten

show servicestate

Displays a snapshot of the HTTP service.

Syntax

show servicestate [ [ view= ] session | requestq ] [ [ verbose= ] yes | no ]

Parameters

  • View
    Optional. Specifies whether to view a snapshot of the HTTP service state based on the server session or on the request queues.
  • Verbose
    Optional. Specifies whether to display verbose information that also shows property information.

Examples

Following are two examples of the show servicestate command.

show servicestate view="session"

show servicestate view="requestq"

show sslcert

Displays Secure Sockets Layer (SSL) server certificate bindings and corresponding client certificate policies for an IP address and port.

Syntax

show sslcert [ ipport= ] IPAddress:port

Parameters

  • Ipport
    Required. Specifies the IPv4 or IPv6 address and port for which the SSL certificate bindings will be displayed. A colon character (:) is used as a delimiter between the IP address and the port number. If you do not specify ipport, all bindings are displayed.

Examples

Following are five examples of the show sslcert command.

show sslcert ipport=[fe80::1]:443

show sslcert ipport=1.1.1.1:443

show sslcert ipport=0.0.0.0:443

show sslcert ipport=[::]:443

show sslcert

show timeout

Displays, in seconds, the timeout values of the HTTP service.

Syntax

show timeout

show urlacl

Displays discretionary access control lists (DACLs) for the specified reserved URL or all reserved URLs.

Syntax

show urlacl [ [url= ] URL]

Parameters

  • url
    Optional. Specifies the fully qualified URL that you want to display. If unspecified, displays all URLs.

Examples

Following are three examples of the show urlacl command.

show urlacl url=https://+:80/MyUri

show urlacl url=https://www.contoso.com:80/MyUri

show urlacl
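
Because a URL reservation lets non-administrator accounts register a URL, the DACLs listed by show urlacl are worth reviewing for broad grants. This is an added example, not part of the original reference: the sample output is constructed and its layout is assumed to match typical netsh output, and the function name Get-BroadUrlAcl and the reading of the GX/GW/GA rights as listen/delegate are assumptions not stated on this page.

```powershell
# Constructed sample shaped like `netsh http show urlacl` output (assumed layout).
# On a live host use instead: $lines = netsh http show urlacl
$lines = @'
URL Reservations:
-----------------

    Reserved URL            : https://+:80/MyUri
        User: DOMAIN\user
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-21-1111111111-2222222222-3333333333-1001)

    Reserved URL            : https://+:8080/Open/
        User: \Everyone
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;WD)

    Reserved URL            : https://www.contoso.com:80/MyUri
        User: NT AUTHORITY\Authenticated Users
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;AU)
'@ -split "`r?`n"

function Get-BroadUrlAcl {
    param([Parameter(Mandatory)] [string[]] $Lines)

    # SDDL aliases are locale-independent, unlike the account names on the User line.
    $broad = @{ WD = 'Everyone'; AU = 'Authenticated Users'; BU = 'BUILTIN\Users' }
    $url = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $url = $Matches[1]
        }
        elseif ($url -and $line -match '^\s*SDDL:\s*(\S+)') {
            # Allow ACEs have the form (A;flags;rights;;;trustee).
            $aces = [regex]::Matches($Matches[1], '\(A;[^;]*;([^;]*);[^;]*;[^;]*;([^)]+)\)')
            foreach ($ace in $aces) {
                $rights  = $ace.Groups[1].Value
                $trustee = $ace.Groups[2].Value
                if (-not $broad.ContainsKey($trustee)) { continue }
                [pscustomobject]@{
                    Url      = $url
                    Trustee  = $broad[$trustee]
                    Listen   = $rights -match 'GX|GA'   # assumed: GX = listen
                    Delegate = $rights -match 'GW|GA'   # assumed: GW = delegate
                    Wildcard = $url -match '^https?://[+*]:'
                }
            }
        }
    }
}

Get-BroadUrlAcl -Lines $lines | Format-Table -AutoSize
```

With the constructed sample, the reservation for DOMAIN\user is not reported, and the two reservations granted to Everyone and Authenticated Users are.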