The arguments for the SR OS file commands are modeled after standard universal resource locater (URL). A URL refers to a file (a file-url) or a directory (a directory-url).
SR OS supports operations on both the local file system and on remote files. For the purposes of categorizing the applicability of commands to local and remote file operations, URLs are divided into five types of URLs: local, ftp, tftp, http, and https. The syntax for each of the URL types are listed in Table: URL types and syntax .
| URL type | Syntax | Notes |
|---|---|---|
local-url |
[cflash-id:\]path |
cflash-id is the compact flash device name. Values: cf1:, cf2:, cf3: |
ftp-url |
ftp://[username[:password]@]host/path |
An absolute FTP path from the root of the remote file system. username is the FTP username password is the FTP user password host is the remote host path is the path to the directory or file |
ftp://[username[:password]@]host/./path |
A relative FTP path from the user’s home directory. Note the period and slash (‟./”) in this syntax compared to the absolute path. |
|
tftp-url |
tftp://host[/path]/filename |
TFTP is only supported for operations on file-urls. |
http-url |
http://[username[:password]@]host[:port]/path |
host is an HTTP server port defaults to 80 |
https-url |
https://[username[:password]@]host[:port]/path |
host is an HTTPS server port defaults to 443 |
If the host portion of the URL is an IPv6 address, then the address should be enclosed in square brackets. For example:
ftp://user:passw@[3ffe::97]/./testfile.txt
tftp://[2001:db8:3333:4444:5555:6666:7777:8888]/./testfile.txt
The system accepts forward slash (/) or backslash (\) characters to delimit directory and/or filenames in URLs. Similarly, the SR OS SCP client application can use either slash or backslash characters, but not all SCP clients treat backslash characters as equivalent to slash characters. In particular, UNIX systems often interprets the backslash character as an escape character. This can cause problems when using an external SCP client application to send files to the SCP server. If the external system treats the backslash like an escape character, the backslash delimiter gets stripped by the parser and is not transmitted to the SCP server.
For example, a destination directory specified as ‟cf1:\dir1\file1” is transmitted to the SCP server as ‟cf1:dir1file1” where the backslash escape characters are stripped by the SCP client system before transmission. On systems where the client treats the backslash like an escape character, a double backslash (\\) or the forward slash (/) can typically be used to properly delimit directories and the filename.
When a special character is used in a password, it can cause issues when that password is encoded as part of a URL. To prevent this issue, percent encoding can be used. Percent encoding is a mechanism to encode 8-bit characters that have specific meaning in the context of URLs. The encoding consists of substitution of a percent character (%) followed by the hexadecimal representation of the ASCII value of the replaced character.
Some file manipulation commands such as copying, removing, or moving files, may request access to an HTTP or HTTPS server. If an HTTP or HTTPS server redirects the system to a different URL (from an "HTTP 301" error or similar response), the system prompts the user "y/n" to either repeat the operation with the new URL or terminate it. These file commands can be configured to force the HTTP redirects without prompting or they can be configured to refuse HTTP redirects. If a file command is redirected more than eight times, or if it queries an HTTPS URL and gets redirected to an HTTP URL, the command automatically terminates as a security measure.
For example, to refuse HTTP redirects, use the no-redirect parameter in the classic CLI command.
A:node-2>file cf3:\ # copy source-url dest-url no-redirect
To refuse HTTP redirects with the MD-CLI command, use the direct-http parameter.
[file "cf3:\"]
A:admin@node-2# copy source-url destination-url direct-http
To force the HTTP redirects without prompting, use the force parameter in either the classic CLI or the MD-CLI.
(Classic): A:node-2>file cf3:\ # copy source-url dest-url force
(MD-CLI):[file "cf3:\"]
A:admin@node-2# copy source-url destination-url force
When connecting to an HTTPS server, the system verifies the server's TLS certificate. For the certificate to pass verification, the system must have a CA profile already configured for the server's Certificate Authority (CA), which specifies up-to-date certificate and CRL files. HTTPS file commands do not use the Online Certificate Status Protocol (OCSP). If the certificate was issued by an intermediate CA, the system must have a CA profile for every CA tracing back to the root CA. If the server's certificate fails verification for any reason, the file command terminates. See the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for more information about CA profiles.
The CLI command to configure the CA profile is in the configure system security pki ca-profile context.
An HTTPS file command may also include a client-tls-profile parameter, referring to a client TLS profile that provides the cipher list, client certificate, and trust anchor the system uses when communicating with the HTTPS server. See the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information about client TLS profiles.
A file command that connects to an HTTP or HTTPS server outside the local network may need to use an HTTP proxy. The user may add the proxy parameter to point to a proxy server (which must be an HTTP URL).