Apache Authentication and Order Allow, and Deny - From Apache: The Definitive Guide (1/6) | WebReference

Apache Authentication and Order Allow, and Deny - From Apache: The Definitive Guide (1/6)

Apache: The Definitive Guide, Chapter 5: Authentication

Order, Allow, and Deny

[The following is a continuation of our series of excerpts from chapter 5 of the O'Reilly title, Apache: The Definitive Guide.]

So far we have dealt with potential users on an individual basis. We can also allow access from or deny access to specific IP addresses, hostnames, or groups of addresses and hostnames. The commands are allow from and deny from.

The order in which the allow and deny commands are applied is not set by the order in which they appear in your file. The default order is deny then allow : if a client is excluded by deny, it is excluded unless it matches allow. If neither is matched, the client is granted access.

The order in which these commands is applied can be set by the order directive.

allow from

allow from host host ...
directory, .htaccess

The allow directive controls access to a directory. The argument host can be one of the following:

all

All hosts are allowed access.

A (partial) domain name

All hosts whose names match or end in this string are allowed access.

A full IP address

The first one to three bytes of an IP address are allowed access, for subnet restriction.

A network/netmask pair

Network a.b.c.d and netmask w.x.y.z are allowed access, to give finer-grained subnet control. For instance, 10.1.0.0/255.255.0.0.

A network CIDR specification

The netmask consists of nnn high-order 1-bits. For instance, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0.

allow from env

allow from env=variablename ...
directory, .htaccess

The allow from env directive controls access by the existence of a named environment variable. For instance:

BrowserMatch ^KnockKnock/2.0 let_me_in
<Directory /docroot>
order deny,allow
deny from all
allow from env=let_me_in
</Directory>

Access by a browser called KnockKnock v2.0 sets an environment variable let_me_in,which in turn triggersallow from.


Created: March 3, 2003
Revised: March 3, 2003

URL: http://webreference.com/internet/apache/chap5/2/