[APACHE DOCUMENTATION]

Module mod_access

This module is contained in the mod_access.c file, and is compiled in by default. It provides access control based on client hostname or IP address.
  • allow
  • allow from env=
  • deny
  • deny from env=
  • order

  • allow

    Syntax: allow from host host ...
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_access

    The allow directive affects which hosts can access a given directory. Host is one of the following:

    all
    all hosts are allowed access
    A (partial) domain-name
    host whose name is, or ends in, this string are allowed access.
    A full IP address
    An IP address of a host allowed access
    A partial IP address
    The first 1 to 3 bytes of an IP address, for subnet restriction.
    Example:
    allow from .ncsa.uiuc.edu
    All hosts in the specified domain are allowed access.

    Note that this compares whole components; bar.edu would not match foobar.edu.

    See also deny, order, and BrowserMatch.

    Syntax: allow from env=variablename
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_access
    Compatibility: Apache 1.2 and above

    The allow from env directive controls access to a directory by the existence (or non-existence) of an environment variable. Example:

    BrowserMatch ^KnockKnock/2.0 let_me_in
    <Directory /docroot>
    order allow,deny
    allow from env=let_me_in
    deny from all
    </Directory>
    
    See also deny from env and order.


    deny

    Syntax: deny from host host ...
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_access

    The deny directive affects which hosts can access a given directory. Host is one of the following:

    all
    all hosts are denied access
    A (partial) domain-name
    host whose name is, or ends in, this string are denied access.
    A full IP address
    An IP address of a host denied access
    A partial IP address
    The first 1 to 3 bytes of an IP address, for subnet restriction.
    Example:
    deny from 16
    All hosts in the specified network are denied access.

    Note that this compares whole components; bar.edu would not match foobar.edu.

    See also allow and order.

    Syntax: deny from env=variablename
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_access
    Compatibility: Apache 1.2 and above

    The deny from env directive controls access to a directory by the existence (or non-existence) of an environment variable. Example:

    BrowserMatch ^BadRobot/0.9 go_away
    <Directory /docroot>
    order deny,allow
    deny from env=go_away
    allow from all
    </Directory>
    
    See also allow from env and order.


    order

    Syntax: order ordering
    Default: order deny,allow
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_access

    The order directive controls the order in which allow and deny directives are evaluated. Ordering is one of

    deny,allow
    the deny directives are evaluated before the allow directives. (The initial state is OK.)
    allow,deny
    the allow directives are evaluated before the deny directives. (The initial state is FORBIDDEN.)
    mutual-failure
    Only those hosts which appear on the allow list and do not appear on the deny list are granted access. (The initial state is irrelevant.)
    Note that in all cases every allow and deny statement is evaluated, there is no "short-circuiting".

    Example:

    order deny,allow
    deny from all
    allow from .ncsa.uiuc.edu
    Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are denied access.
    Index Home