• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

19.1. mod_access

The mod_access module resolves which clients are allowed to access server directories based on their IP address or hostname.

allow

allow from hostname hostname ...

[Within <Directory> or .htaccess]

The allow directive specifies which hosts can access a given directory in the site. The hostname can be any of the following:


Domain name

A domain name, like .oreilly.com. Only hosts from the domain are permitted access.


Hostname

A full hostname.


Full IP address

An IP address of a host.


Partial IP address

The first 1 to 3 bytes of an IP address, for subnet restriction.


Network address/netmask

A full network address, followed by a full netmask. (i.e., 192.168.220.110/255.255.255.0)


Network address/CIDR specification

A full network address, followed by an abbreviated netmask. (i.e., 192.168.220.110/24 is equivalent to 192.168.220.110/255.255.255.0)


all"

Using this option means that all hosts are allowed.

There can be only one allow directive per section. If omitted, there is no default.

(All)

allow

allow from env=variable

[Within <Directory> or .htaccess]

The allow from env directive sets whether access to a directory should be granted if a specific environment variable exists. For example, the following grants access to the secret directory if the client is using Version 5.0 of the "InternetStar" browser, via a user-agent string:

BrowserMatch ^InternetStar/5.0 ACCESS_GRANTED
<Directory /secret>
order deny, allow
deny from all
allow from env=ACCESS_GRANTED
</Directory>

(Apache 1.2 or later)

deny

deny from hostname hostname ...

[Within <Directory> or .htaccess]

The deny directive specifies which hosts are denied access to a directory. The hostname can be one of the following:


Domain name"

A domain name, like .oreilly.com. Hosts from that domain are denied access.


Hostname"

A full hostname.


Full IP address"

The IP address of a host.


Partial IP address"

The first 1 to 3 bytes of an IP address, for subnet restriction.


Network address/netmask

A full network address, followed by a full netmask. (i.e., 192.168.220.110/255.255.255.0)


Network address/CIDR specification

A full network address, followed by an abbreviated netmask. (i.e., 192.168.220.110/24 is equivalent to 192.168.220.110/255.255.255.0)


all"

Using the word all means that all hosts are denied access.

deny

deny from env=variable

[Within <Directory> or .htaccess]

The deny from env directive sets whether access to a directory should be denied if a specific environment variable exists. For example, access to the secret directory is denied if the client is using Version 4.0 of the "InternetStar" browser, via a user-agent string:

BrowserMatch ^InternetStar/4.0 ACCESS_DENIED
<Directory /secret>
order deny, allow
deny from env=ACCESS_DENIED
allow from all
</Directory>

(Apache 1.2 or later)

order

order order

[Within <Directory> or .htaccess]

The order directive specifies the order in which deny and allow directives are evaluated. The order directive can take one of the following forms:


order deny,allow"

deny directives are evaluated before allow directives (this is the default).


order allow,deny"

allow directives are evaluated before deny directives.


order mutual-failure

This setting means that any host appearing on the allow list is allowed, and any host listed on the deny list is denied. Finally, any host not appearing on either list is denied.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint