Microsoft Windows [Version 10.0.22621.2428]
(c) Microsoft Corporation. C:\Windows>netsh http ? The following commands are available: Commands in this context: ? - Displays a list of commands. add - Adds a configuration entry to a table. delete - Deletes a configuration entry from a table. dump - Displays a configuration script. flush - Flushes internal data. help - Displays a list of commands. show - Displays information. update - Updates a configuration entry to a table. To view help for a command, type the command, followed by a space, and then type ?.
Adds a configuration entry to a table.
»netsh »http »add
C:\Windows>netsh http add ? The following commands are available: Commands in this context: add cacheparam - Adds an HTTP service cache parameter add iplisten - Adds an IP address to the IP listen list. add setting - Adds a global setting to the service. add sslcert - Adds an SSL server certificate binding. add timeout - Adds a global timeout to the service. add urlacl - Adds an URL reservation entry.
Adds an HTTP service cache parameter
»netsh »http »add »cacheparam
C:\Windows>netsh http add cacheparam ? Usage: add cacheparam [type=]cacherangechunksize|maxcacheresponsesize [value=]<ulong> Parameters: Tag Value type - Type of parameter for setting. value - Value (in bytes). If value is in hex, then add the prefix 0x. Remarks: Adds HTTP service cache parameter. Examples: add cacheparam type=maxcacheresponsesize value=524288 add cacheparam type=cacherangechunksize value=131072
Adds an IP address to the IP listen list.
»netsh »http »add »iplisten
C:\Windows>netsh http add iplisten ? Usage: add iplisten [ipaddress=]<IP address> Parameters: Tag Value ipaddress - The IPv4 or IPv6 address to be added to the IP listen list. Remarks: Adds a new IP address to the IP listen list. This does not include the port number. The IP listen list is used to scope the list of addresses to which the HTTP service binds. "0.0.0.0" means any IPv4 address and "::" means any IPv6 address. Examples: add iplisten ipaddress=fe80::1 add iplisten ipaddress=1.1.1.1 add iplisten ipaddress=0.0.0.0 add iplisten ipaddress=::
Adds a global setting to the service.
»netsh »http »add »setting
C:\Windows>netsh http add setting ? Usage: add setting [settingtype=]sslthrottle [value=]<ulong> Parameters: Tag Value settingtype - Type of the setting. value - Value of the setting. If value is in hex, then add the prefix 0x. Remarks: Adds a global setting to the service. Examples: add setting settingtype=sslthrottle value=1000
Adds an SSL server certificate binding.
»netsh »http »add »sslcert
C:\Windows>netsh http add sslcert ? Usage: add sslcert [hostnameport=<name:port> | ipport=<ipaddr:port> | ccs=<port>] | json=[filepath] [appid=<GUID>] [certhash=<string>] [certstorename=<string>] [verifyclientcertrevocation=enable|disable] [verifyrevocationwithcachedclientcertonly=enable|disable] [usagecheck=enable|disable] [revocationfreshnesstime=<u-int>] [urlretrievaltimeout=<u-int>] [sslctlidentifier=<string>] [sslctlstorename=<string>] [dsmapperusage=enable|disable] [clientcertnegotiation=enable|disable] [reject=enable|disable] [disablehttp2=enable|disable] [disablequic=enable|disable] [disablelegacytls=enable|disable] [disabletls12=enable|disable] [disabletls13=enable|disable] [disableocspstapling=enable|disable] [enabletokenbinding=enable|disable] [logextendedevents=enable|disable] [enablesessionticket=enable|disable] [disablesessionid=enable|disable] Parameters: Tag: Value ipport: IP address and port for the binding. hostnameport: Unicode hostname and port for binding. ccs: Central Certificate Store binding. json: The path to a JSON-formatted file for import. certhash: The SHA hash of the certificate. This hash is 20 bytes long and specified as a hex string. appid: GUID to identify the owning application. certstorename: Store name for the certificate. Required for Hostname based configurations. Defaults to MY for IP based configurations. Certificate must be stored in the local machine context. verifyclientcertrevocation: Turns on/off verification of revocation of client certificates. verifyrevocationwithcachedclientcertonly: Turns on/off usage of only cached client certificate for revocation checking. usagecheck: Turns on/off usage check. Default is enabled. revocationfreshnesstime: Time interval to check for an updated certificate revocation list (CRL). If this value is 0, then the new CRL is updated only if the previous one expires (in seconds). urlretrievaltimeout: Timeout on attempt to retrieve certificate revocation list for the remote URL (in milliseconds). sslctlidentifier: List the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the machine. sslctlstorename: Store name under LOCAL_MACHINE where SslCtlIdentifier is stored. dsmapperusage: Turns on/off DS mappers. Default is disabled. clientcertnegotiation: Turns on/off negotiation of certificate. Default is disabled. reject: When enabled, any new matching connection is immediately dropped. disablehttp2: When set, HTTP2 is disabled for new matching connections immediately. disablequic: When set, QUIC is disabled for new matching connections immediately. disablelegacytls: When set, legacy versions of TLS are disabled. disabletls12: When set, TLS1.2 is disabled for new matching connections immediately. disabletls13: When set, TLS1.3 is disabled for new matching connections immediately. disableocspstapling: When set, OCSP stapling is disabled for new matching connections immediately. enabletokenbinding: When set, token binding is enabled for new connections immediately. logextendedevents: When set, additional events useful for debugging are logged. enablesessionticket: When set, TLS session ticket resumption is enabled. disablesessionid: When set, TLS session id resumption is disabled. Remarks: Adds an SSL server certificate binding and corresponding client certificate policies for an IP address or hostname and a port. Examples: add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A appid={00112233-4455-6677-8899-AABBCCDDEEFF} add sslcert hostnameport=www.contoso.com:443 certhash=0102030405060708090A appid={00112233-4455-6677-8899-AABBCCDDEEFF} certstorename=MY add sslcert scopedccs=www.contoso.com:443 appid={00112233-4455-6677-8899-AABBCCDDEEFF} add sslcert ccs=443 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Adds a global timeout to the service.
»netsh »http »add »timeout
C:\Windows>netsh http add timeout ? Usage: add timeout [timeouttype=]idleconnectiontimeout|headerwaittimeout [value=]<u-short> Parameters: Tag Value timeouttype - Type of timeout for setting. value - Value of the timeout (in seconds). If value is in hex, then add the prefix 0x. Remarks: Adds a global timeout to the service. Examples: add timeout timeouttype=idleconnectiontimeout value=120 add timeout timeouttype=headerwaittimeout value=0x40
Adds an URL reservation entry.
»netsh »http »add »urlacl
C:\Windows>netsh http add urlacl ? Usage: add urlacl [url=]<string> [ [user=]<string> [ [listen=]yes|no [delegate=]yes|no ] | [sddl=]<string> ] Parameters: Tag Value url - The fully qualified URL user - The user or user-group name listen - One of the following values: yes: Allow the user to register URLs. This is the Default value. no: Deny the user from registering URLs delegate - One of the following values: yes: Allow the user to delegate URLs no: Deny the user from delegating URLs. This is the default value. sddl - SDDL string that describes the DACL Remarks: This command reserves the URL for non-administrator users and accounts. The DACL can be specified by using an NT account name with the listen and delegate parameters or by using an SDDL string. Example: add urlacl url=http://+:80/MyUri user=DOMAIN\user add urlacl url=http://www.contoso.com:80/MyUri user=DOMAIN\user listen=yes add urlacl url=http://www.contoso.com:80/MyUri user=DOMAIN\user delegate=no add urlacl url=http://+:80/MyUri sddl=...
Deletes a configuration entry from a table.
»netsh »http »delete
C:\Windows>netsh http delete ? The following commands are available: Commands in this context: delete cache - Deletes entries from the HTTP service kernel URI cache. delete iplisten - Deletes an IP address from the IP listen list. delete setting - Deletes a global setting. delete sslcert - Deletes SSL certificate bindings. delete timeout - Deletes a global timeout. delete urlacl - Deletes a URL reservation.
Deletes entries from the HTTP service kernel URI cache.
»netsh »http »delete »cache
C:\Windows>netsh http delete cache ? Usage: delete cache [[url=]<string> [[recursive=]yes|no]]] Parameters: Tag Value url - Fully qualified URL. recursive - If yes, removes all entries under the specified url Remarks: This command flushes the entire URI cache or deletes entries per specified URI. Examples: delete cache url=http://www.contoso.com:80/myresource/ recursive=yes delete cache
Deletes an IP address from the IP listen list.
»netsh »http »delete »iplisten
C:\Windows>netsh http delete iplisten ? Usage: delete iplisten [ipaddress=]<IP address> Parameters: Tag Value ipaddress - The IPv4 or IPv6 address to be deleted from the IP Listen list. This does not include the port number. Remarks: Deletes an IP address from the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds. Examples: delete iplisten ipaddress=fe80::1 delete iplisten ipaddress=1.1.1.1 delete iplisten ipaddress=0.0.0.0 delete iplisten ipaddress=::
Deletes a global setting.
»netsh »http »delete »setting
C:\Windows>netsh http delete setting ? Usage: delete setting [settingtype=]sslthrottle Parameters: Tag Value settingtype - Type of the setting. Remarks: deletes a global setting and makes the service revert to default values. Examples: delete setting settingtype=sslthrottle
Deletes SSL certificate bindings.
»netsh »http »delete »sslcert
C:\Windows>netsh http delete sslcert ? Usage: delete sslcert ipport=<ipaddr:port> | hostnameport=<name:port> | ccs=<port> Parameters: Tag Value ipport - The IPv4 or IPv6 address and port for which the SSL certificate bindings will be deleted. hostnameport - The hostname and port for which the SSL certificate binding will be deleted. When a wildcard binding is deleted, all bindings auto-generated from the wildcard binding will also get deleted. ccs - The Central Certificate Store binding to delete. This will cause the system to internally purge all cached bindings that were derived from this binding. Remarks: Deletes SSL server certificate bindings and corresponding client certificate policies. Examples: delete sslcert ipport=1.1.1.1:443 delete sslcert ipport=0.0.0.0:443 delete sslcert ipport=[::]:443 delete sslcert hostnameport=www.contoso.com:443 delete sslcert scopedccs=www.contoso.com:443 delete sslcert ccs=443
Deletes a global timeout.
»netsh »http »delete »timeout
C:\Windows>netsh http delete timeout ? Usage: delete timeout [timeouttype=]idleconnectiontimeout|headerwaittimeout Parameters: Tag Value timeouttype - Type of timeout for setting. Remarks: deletes a global timeout and makes the service revert to default values. Examples: delete timeout timeouttype=idleconnectiontimeout delete timeout timeouttype=headerwaittimeout
Deletes a URL reservation.
»netsh »http »delete »urlacl
C:\Windows>netsh http delete urlacl ? Usage: delete urlacl [url=]<string> Parameters: Tag Value url - The fully qualified URL to be deleted. Remarks: This command deletes a reserved URL. Examples: delete urlacl url=http://+:80/MyUri delete urlacl url=http://www.contoso.com:80/MyUri
Displays a configuration script.
»netsh »http »dump
C:\Windows>netsh http dump ? Usage: dump Remarks: Creates a script that contains the current configuration. If saved to a file, this script can be used to restore altered configuration settings.
Flushes internal data.
»netsh »http »flush
C:\Windows>netsh http flush ? The following commands are available: Commands in this context: flush logbuffer - Flushes the internal buffers for the log files.
Flushes the internal buffers for the log files.
»netsh »http »flush »logbuffer
C:\Windows>netsh http flush logbuffer ? Usage: flush logbuffer Remarks: This commands flushes the internal buffers for the log files. Examples: flush logbuffer
Displays a list of commands.
»netsh »http »help
C:\Windows>netsh http help ? Usage: help Remarks: Displays a list of commands.
Displays information.
»netsh »http »show
C:\Windows>netsh http show ? The following commands are available: Commands in this context: show cacheparam - Shows the cache parameters of HTTP service . show cachestate - Lists cached URI resources and their associated properties. show iplisten - Displays all the IP addresses in the IP listen list. show servicestate - Shows a snapshot of the HTTP service. show setting - Shows the setting values of the service. show sslcert - Displays SSL certificate bindings. show timeout - Shows the timeout values of the service. show urlacl - Displays URL namespace reservations.
Shows the cache parameters of HTTP service .
»netsh »http »show »cacheparam
C:\Windows>netsh http show cacheparam ? Usage: show cacheparam Remarks: Shows the cache parameters of HTTP service (in bytes) . Examples: show cacheparam
Lists cached URI resources and their associated properties.
»netsh »http »show »cachestate
C:\Windows>netsh http show cachestate ? Usage: show cachestate [[url=]<string>] Parameters: Tag Value url - Fully qualified URL. If unspecified, implies all URLs. The URL could also be a prefix to registered URLs Remarks: This command lists all resources and their associated properties that are cached in HTTP response cache or displays a single resource and its associated properties. Examples: show cachestate url=http://www.contoso.com:80/myresource show cachestate
Displays all the IP addresses in the IP listen list.
»netsh »http »show »iplisten
C:\Windows>netsh http show iplisten ? Usage: show iplisten Remarks: Lists all IP addresses in the IP listen list. The IP listen list is used to scope the list of addresses to which the HTTP service binds. "0.0.0.0" means any IPv4 address and "::" means any IPv6 address.
Shows a snapshot of the HTTP service.
»netsh »http »show »servicestate
C:\Windows>netsh http show servicestate ? Usage: show servicestate [[view=]session|requestq] [[verbose=]yes|no] Parameters: Tag Value view - View snapshot of HTTP service state based on server session or request queues. verbose - View verbose information showing property information too. Remarks: Shows a snapshot of the HTTP service. Examples: show servicestate view="session" show servicestate view="requestq"
Shows the setting values of the service.
»netsh »http »show »setting
C:\Windows>netsh http show setting ? Usage: show setting Remarks: Shows the setting values of the service (in seconds). Examples: show setting
Displays SSL certificate bindings.
»netsh »http »show »sslcert
C:\Windows>netsh http show sslcert ? Usage: show sslcert [ipport=<ipaddr:port> | hostnameport=<name:port> | ccs=<port> | scopedccs=<name:port>] [json=enable] Parameters: Tag Value ipport - The IPv4 or IPv6 address and port for which the SSL certificate bindings will be displayed. hostnameport - The hostname and port for which the SSL certificate bindings will be displayed. ccs - The Central Certificate Store binding to display. scopedccs - The hostname and port for which the scoped CCS bindings will be displayed. json - If enable, produces formatted JSON. Remarks: Lists SSL server certificate bindings and corresponding client certificate policies. Not providing a specification causes all bindings to be displayed. Examples: show sslcert ipport=[fe80::1]:443 show sslcert ipport=1.1.1.1:443 show sslcert ipport=0.0.0.0:443 show sslcert ipport=[::]:443 show sslcert hostnameport=www.contoso.com:443 show sslcert scopedccs=www.contoso.com: 443 show sslcert ccs=443 show sslcert
Shows the timeout values of the service.
»netsh »http »show »timeout
C:\Windows>netsh http show timeout ? Usage: show timeout Remarks: Shows the timeout values of the service (in seconds). Examples: show timeout
Displays URL namespace reservations.
»netsh »http »show »urlacl
C:\Windows>netsh http show urlacl ? Usage: show urlacl [url=]<string> Parameters: Tag Value url - The fully qualified URL. If unspecified, implies all URLs. Remarks: This command lists DACLs for the specified reserved URL or all reserved URLs. Example: show urlacl url=http://+:80/MyUri show urlacl url=http://www.contoso.com:80/MyUri show urlacl
Updates a configuration entry to a table.
»netsh »http »update
C:\Windows>netsh http update ? The following commands are available: Commands in this context: update sslcert - Updates an existing SSL server certificate binding. update sslpropertyex - Updates the extended properties of an existing SSL server certificate binding.
Updates an existing SSL server certificate binding.
»netsh »http »update »sslcert
C:\Windows>netsh http update sslcert ? Usage: update sslcert hostnameport=<name:port> | ipport=<ipaddr:port> | ccs=<port> appid=<GUID> [certhash=<string>] [certstorename=<string>] [verifyclientcertrevocation=enable|disable] [verifyrevocationwithcachedclientcertonly=enable|disable] [usagecheck=enable|disable] [revocationfreshnesstime=<u-int>] [urlretrievaltimeout=<u-int>] [sslctlidentifier=<string>] [sslctlstorename=<string>] [dsmapperusage=enable|disable] [clientcertnegotiation=enable|disable] [reject=enable|disable] [disablehttp2=enable|disable] [disablequic=enable|disable] [disablelegacytls=enable|disable] [disabletls12=enable|disable] [disabletls13=enable|disable] [disableocspstapling=enable|disable] [enabletokenbinding=enable|disable] [logextendedevents=enable|disable] [enablesessionticket=enable|disable] [disablesessionid=enable|disable] Parameters: Tag: Value ipport: IP address and port for the binding. hostnameport: Unicode hostname and port for binding. ccs: Central Certificate Store binding. certhash: The SHA hash of the certificate. This hash is 20 bytes long and specified as a hex string. appid: GUID to identify the owning application. certstorename: Store name for the certificate. Required for Hostname based configurations. Defaults to MY for IP based configurations. Certificate must be stored in the local machine context. verifyclientcertrevocation: Turns on/off verification of revocation of client certificates. verifyrevocationwithcachedclientcertonly: Turns on/off usage of only cached client certificate for revocation checking. usagecheck: Turns on/off usage check. Default is enabled. revocationfreshnesstime: Time interval to check for an updated certificate revocation list (CRL). If this value is 0, then the new CRL is updated only if the previous one expires (in seconds). urlretrievaltimeout: Timeout on attempt to retrieve certificate revocation list for the remote URL (in milliseconds). sslctlidentifier: List the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the machine. sslctlstorename: Store name under LOCAL_MACHINE where SslCtlIdentifier is stored. dsmapperusage: Turns on/off DS mappers. Default is disabled. clientcertnegotiation: Turns on/off negotiation of certificate. Default is disabled. reject: When enabled, any new matching connection is immediately dropped. disablehttp2: When set, HTTP2 is disabled for new matching connections immediately. disablequic: When set, QUIC is disabled for new matching connections immediately. disablelegacytls: When set, legacy versions of TLS are disabled. disabletls12: When set, TLS1.2 is disabled for new matching connections immediately. disabletls13: When set, TLS1.3 is disabled for new matching connections immediately. disableocspstapling: When set, OCSP stapling is disabled for new matching connections immediately. enabletokenbinding: When set, token binding is enabled for new connections immediately. logextendedevents: When set, additional events useful for debugging are logged. enablesessionticket: When set, TLS session ticket resumption is enabled. disablesessionid: When set, TLS session id resumption is disabled. Remarks: Updates an SSL server certificate binding and corresponding client certificate policies for an IP address or hostname and a port. Examples: update sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A appid={00112233-4455-6677-8899-AABBCCDDEEFF} update sslcert hostnameport=www.contoso.com:443 certhash=0102030405060708090A appid={00112233-4455-6677-8899-AABBCCDDEEFF} certstorename=MY update sslcert scopedccs=www.contoso.com:443 appid={00112233-4455-6677-8899-AABBCCDDEEFF} update sslcert ccs=443 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Updates the extended properties of an existing SSL server certificate binding.
»netsh »http »update »sslpropertyex
C:\Windows>netsh http update sslpropertyex ? Usage: update sslpropertyex hostnameport=<name:port> | ipport=<ipaddr:port> | ccs=<port> [propertyid=0 receivewindow=<bytes>] | [propertyid=1 maxsettingsperframe=<value> maxsettingsperminute=<value>] Parameters: Tag: Value ipport: IP address and port for the binding. hostnameport: Unicode hostname and port for binding. ccs: Central Certificate Store binding. propertyid: The below parameters are classified into different property ids. receivewindow: bytes. Updates the http2 receive window size for http/2 connections. This should be between 0xffff and 0x7fffffff (inclusive). Propertyid = 0. maxsettingsperframe: The maximum number of http2 settings allowed per settings frame. This value should be less than or equal to 2796202 (per RFC). Propertyid = 1. maxsettingsperminute: The maximum number of http2 settings allowed per minute. This value should not be less than 7 (the minimum settings we support). Propertyid = 1. Remarks: updates an existing SSL server certificate binding parameters and corresponding client ce- rtificate policies for an IP address or hostname and a port. Examples: update sslpropertyex ipport=1.1.1.1:443 propertyid=0 receivewindow=1048576 update sslpropertyex hostnameport=www.contoso.com:443 propertyid=1 maxsettingsperframe=1024 maxsettingsperminute=1024 update sslpropertyex ccs=443
- de -/- en -