| home / internet / security / apache / chap5 / 2 |   [next] |
|
|
|
[The following is a continuation of our series of excerpts from chapter 5 of the O'Reilly title, Apache: The Definitive Guide.]
So far we have dealt with potential
users on an individual basis. We can also allow access from or deny
access to specific IP addresses, hostnames, or groups of addresses
and hostnames. The commands are allow
from and deny
from.
The order in which the allow and
deny commands are applied is not set by the order
in which they appear in your file. The default order is
deny then allow : if a client
is excluded by deny, it is excluded unless it
matches allow. If neither is matched, the client
is granted access.
The order in which these commands is applied can be set by the
order directive.
| allow from |
allow from host host ... directory, .htaccess |
The allow
directive controls access to a directory. The argument
host can be one of the following:
allAll hosts are allowed access.
All hosts whose names match or end in this string are allowed access.
The first one to three bytes of an IP address are allowed access, for subnet restriction.
Network a.b.c.d and netmask w.x.y.z are allowed access, to give finer-grained subnet control. For instance, 10.1.0.0/255.255.0.0.
The netmask consists of nnn high-order 1-bits. For instance, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0.
| allow from env |
allow from env=variablename ... directory, .htaccess |
The allow from
env directive controls access by the existence of
a named environment variable. For instance:
BrowserMatch ^KnockKnock/2.0 let_me_in
<Directory /docroot>
order deny,allow
deny from all
allow from env=let_me_in
</Directory>Access by a browser called KnockKnock v2.0 sets an environment
variable let_me_in,which in
turn triggersallow
from.
| home / internet / security / apache / chap5 / 2 | [next] |
| ||||||||||||||||||||
Created: March 3, 2003
Revised: March 3, 2003
URL: http://webreference.com/internet/apache/chap5/2/
