Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


web-management (System Services)



Hierarchy Level

Release Information

Statement introduced before Junos OS Release 7.4.

Support for https introduced for SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, and SRX1500 devices starting from Junos OS Release 15.1X49-D40.


Configure settings for HTTP or HTTPS access. HTTP access allows management of the device using the browser-based J-Web graphical user interface. HTTPS access allows secure management of the device using the J-Web interface. With HTTPS access, communication between the device’s Web server and your browser is encrypted.


On SRX340, SRX345, and SRX380 devices, the factory-default configuration has a generic HTTP configuration. To use Gigabit Ethernet (ge) and fxp0 ports as management ports, you must use the set system services web-management http interface command to configure HTTP access for those interfaces. The Web management HTTP and HTTPS interfaces are changed to fxp0.0 and from ge-0/0/1.0 through ge-0/0/7.0.


control max-threads max-threadsConfigure the maximum number of simultaneous threads to handle access requests.

Range: 0 through 16

management-urlConfigure the URL path for Web management access.
traceoptionsSet the trace options.
  • file—Configure the trace file information.

    • filename—Name of the file to receive the output of the tracing operation. Enclose the name in quotation marks. All files are placed in the directory /var/log. By default, the name of the file is the name of the process being traced.

    • files number— Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

      If you specify a maximum number of files, you also must specify a maximum file size with the size maximum file-size option.

      Range: 2 through 1000 files

      Default: 10 files

  • match regular-expression—Refine the output to include lines that contain the regular expression.

  • size maximum-file-size—Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB).

    Range: 10 KB through 1 GB

    Default: 128 KB

    If you specify a maximum file size, you also must specify a maximum number of trace files with the files number option.

  • (world-readable | no-world-readable)— By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

  • flag flag—Specify which tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags.

    • all—Trace all areas.

    • configuration—Trace configuration.

    • dynamic-vpn—Trace dynamic VPN events.

    • init—Trace the daemon init process.

    • mgd—Trace MGD requests.

    • webauth—Trace Web authentication requests.

  • level level —Specify the level of debugging output.

    • all—Match all levels.

    • error—Match error conditions.

    • info—Match informational messages.

    • notice—Match conditions that should be handled specially.

    • verbose—Match verbose messages.

    • warning—Match warning messages.

  • no-remote-trace—Disable remote tracing.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.