www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-04 05:22:30 +03:00
Code Activity
Files
4519f66cb15d7960107e58859b33e8bc9ae35fef
apache/docs/manual/mod/mod_access.html
Joshua Slive 6029357ba4 Deprecate "Order Mutual-failure". 
Submitted by:	 lbayuk@mindspring.com (ljb) (via usenet)
Reviewed by:	Joshua Slive


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86356 13f79535-47bb-0310-9956-ffa450edef68
2000-09-29 18:31:37 +00:00

342 lines
8.9 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_access</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_access</H1>
<P>
This module provides access control based on client hostname or IP
address.
</P>
<P><A
HREF="module-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base
<BR>
<A
HREF="module-dict.html#SourceFile"
REL="Help"
><STRONG>Source File:</STRONG></A> mod_access.c
<BR>
<A
HREF="module-dict.html#ModuleIdentifier"
REL="Help"
><STRONG>Module Identifier:</STRONG></A> access_module
</P>
<H2>Directives</H2>
<UL>
<LI><A HREF="#allow">Allow</A>
<LI><A HREF="#allowfromenv">Allow from env=</A>
<LI><A HREF="#deny">Deny</A>
<LI><A HREF="#denyfromenv">Deny from env=</A>
<LI><A HREF="#order">Order</A>
</UL>
<P>See also <A HREF="core.html#satisfy">Satisfy</A>
and <A HREF="core.html#require">Require</A>.
<HR>
<H2><A NAME="allow">Allow directive</A></H2>
<P>
<!--%plaintext &lt;?INDEX {\tt Allow} directive&gt; -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Allow from <EM>host host ...</EM><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> Limit<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_access
</P>
<P>
The Allow directive affects which hosts can access a given directory.
<EM>Host</EM> is one of the following:
</P>
<DL>
<DT><CODE>all</CODE>
<DD>All hosts are allowed access
<DT>A (partial) domain-name
<DD>Hosts whose names match, or end in, this string are allowed access.
<DT>A full IP address
<DD>An IP address of a host allowed access
<DT>A partial IP address
<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
<DT>A network/netmask pair
<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet
restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0)
<DT>A network/nnn CIDR specification
<DD>Similar to the previous case, except the netmask consists of nnn
high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)
</DL>
<P>
Example:
</P>
<BLOCKQUOTE><CODE>Allow from .ncsa.uiuc.edu</CODE></BLOCKQUOTE>
<P>
All hosts in the specified domain are allowed access.
</P>
<P>
Note that this compares whole components; <CODE>bar.edu</CODE>
would not match <CODE>foobar.edu</CODE>.
</P>
<P>
See also <A HREF="#allowfromenv">Allow from env=</A>, <A
HREF="#deny">Deny</A> and <A HREF="#order">Order</A>.
</P>
<HR>
<H2><A NAME="allowfromenv">Allow from env= directive</A></H2>
<P>
<STRONG>Syntax:</STRONG> Allow from
env=<EM>variablename</EM><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> Limit<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_access
</P>
<P>
The <CODE>Allow from env</CODE> directive controls access to a directory by the
existence (or non-existence) of an environment variable.
</P>
<P>
Example:
</P>
<BLOCKQUOTE><PRE>
SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
&lt;Directory /docroot&gt;
Order Deny,Allow
Deny from all
Allow from env=let_me_in
&lt;/Directory&gt;
</PRE></BLOCKQUOTE>
In this case browsers with the user-agent string <TT>KnockKnock/2.0</TT> will
be allowed access, and all others will be denied.
<P>
See also <A HREF="#denyfromenv">Deny from env=</A>, <A HREF="#order">Order</A>
and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.
</P>
<HR>
<H2><A NAME="deny">Deny directive</A></H2>
<P>
<!--%plaintext &lt;?INDEX {\tt Deny} directive&gt; -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Deny from <EM>host host ...</EM><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> Limit<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_access
</P>
<P>
The <CODE>Deny</CODE> directive affects which hosts can access a given directory.
<EM>Host</EM> is one of the following:
</P>
<DL>
<DT><CODE>all</CODE>
<DD>all hosts are denied access
<DT>A (partial) domain-name
<DD>host whose name is, or ends in, this string are denied access.
<DT>A full IP address
<DD>An IP address of a host denied access
<DT>A partial IP address
<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
<DT>A network/netmask pair
<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet
restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0)
<DT>A network/nnn CIDR specification
<DD>Similar to the previous case, except the netmask consists of nnn
high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)
</DL>
<P>
Example:
</P>
<BLOCKQUOTE><CODE>Deny from 16</CODE></BLOCKQUOTE>
<P>
All hosts in the specified network are denied access.
</P>
<P>
Note that this compares whole components; <CODE>bar.edu</CODE>
would not match <CODE>foobar.edu</CODE>.
</P>
<P>
See also <A HREF="#denyfromenv">Deny from env=</A>, <A
HREF="#allow">Allow</A> and <A HREF="#order">Order</A>.
</P>
<HR>
<H2><A NAME="denfromenv">Deny from env= directive</A></H2>
<P>
<STRONG>Syntax:</STRONG> Deny from
env=<EM>variablename</EM><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> Limit<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_access
</P>
<P>
The <CODE>Deny from env</CODE> directive controls access to a directory by the
existence (or non-existence) of an environment variable.
</P>
<P>
Example:
</P>
<BLOCKQUOTE><PRE>
SetEnvIf User-Agent ^BadRobot/0.9 go_away
&lt;Directory /docroot&gt;
Order Allow,Deny
Allow from all
Deny from env=go_away
&lt;/Directory&gt;
</PRE></BLOCKQUOTE>
In this case browsers with the user-agent string <TT>BadRobot/0.9</TT> will
be denied access, and all others will be allowed.
<P>
See also <A HREF="#allowfromenv">Allow from env=</A>, <A
HREF="#order">Order</A> and <A
HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.
</P>
<HR>
<H2><A NAME="order">Order directive</A></H2>
<P>
<!--%plaintext &lt;?INDEX {\tt Order} directive&gt; -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Order <EM>ordering</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Order Deny,Allow</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> Limit<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Base<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_access
</P>
<P>
The <CODE>Order</CODE> directive controls the order in which
<A HREF="#allow">Allow</A> and <A HREF="#deny">Deny</A> directives are
evaluated. <EM>Ordering</EM> is one
of
</P>
<DL>
<DT>Deny,Allow
<DD>the <CODE>Deny</CODE> directives are evaluated before the <CODE>Allow</CODE>
directives. (The initial state is OK.)
<DT>Allow,Deny
<DD>the <CODE>Allow</CODE> directives are evaluated before the <CODE>Deny</CODE>
directives. (The initial state is FORBIDDEN.)
<DT>Mutual-failure
<DD>Only those hosts which appear on the <CODE>Allow</CODE> list and do not
appear on the <CODE>Deny</CODE> list are granted access. (The initial state is
irrelevant.) This ordering has the same effect as <code>Order Allow,Deny</code>
and is deprecated in favor of that configuration.
</DL>
<P>
Keywords may only be separated by a comma; no whitespace is allowed between
them.
<STRONG>Note that in all cases every <CODE>Allow</CODE> and <CODE>Deny</CODE>
statement is evaluated, there is no &quot;short-circuiting&quot;.</STRONG>
</P>
<P>
Example:
</P>
<BLOCKQUOTE><CODE>
Order Deny,Allow<BR>
Deny from all<BR>
Allow from .ncsa.uiuc.edu<BR>
</CODE></BLOCKQUOTE>
<P>
Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are
denied access.
</P>
<P>See also: <A HREF="#deny">Deny</A> and <A HREF="#allow">Allow</A>.
<!--#include virtual="footer.html" -->
</BODY>
</HTML>
View Git Blame Copy Permalink