mod_authz_host

Overview

mod_authz_host module is used to control access based on client host data (host name, IP address) and request characteristics (environment variables).

Quick start

Sample mod_authz_host .htaccess configuration which allows access from intranet and POST-only request from specified remote host

# deny access by default
Order Allow,Deny

# allow all requests from local network
Allow from 192.168.0.0/16

# POST-requests
<Limit POST>
# allow from remote host
Allow from 74.75.76.77
</Limit>

Related articles and topics

Directives

Context Name Description
S V D .h Allow controls which hosts can access an area of the server
S V D .h Deny controls which hosts are denied access to the server
S V D .h Order controls the default access state and the order in which Allow and Deny are evaluated

Allow

Allow directive defines which hosts can access particular part of the server. Access can be controlled by hostname, IP Address, IP Address range or by other client request characteristics stored in environment variables.

The first argument of this directive is always from. Subsequent arguments may differ.

Syntax

Allow from all|host|env=env-variable [host|env=env-variable] [...]

Example

# allow all clients from .org zone
Allow from .org
# allow from 192.168 subnet
Allow from 192.168
# or
Allow from 192.168.0.0/16
# or
Allow from 192.168.0.0/255.255.0.0
# allow from this IPv6 address
Allow from 2001:db8::a00:20ff:fea7:ccea

Deny

Deny directive restricts access to the server based on hostname, IP address, or environment variables. Deny directive arguments are the same as for Allowdirective.

Syntax

Deny from all|host|env=env-variable [host|env=env-variable] [...]

Order

Order directive controls order of Allow and Deny directives processing.

Syntax

Order [Deny,Allow | Allow,Deny]

Default

Order Deny,Allow

Ordering may be one of the following:

  • Deny,AllowDeny directives are evaluated before the Allow directives. Access is allowed by default. If the client does not match Deny directive or does match Allow directive, he will be allowed access to the server.
  • Allow,DenyAllow directives are evaluated before the Deny directives. Access is denied by default. If the client does not match Allow directive or does match Deny directive, he will be denied access to the server.

Note! Keywords must be separated by comma; no spaces are allowed between them.

Examples

In the following example access is denied for all hosts except those on domain.com:

Order Deny,Allow
Deny from all
Allow from domain.com

In the next example, all hosts in the domain.com domain are allowed access, except hosts in foo.domain.com subdomain, which are denied access. All hosts not in domain.com domain are denied access because access is denied by default.

Order Allow,Deny
Allow from domain.com
Deny from foo.domain.com

Order directive can affect access to the part of the server even in the absence of Allow and Deny directives as it also defines default access state. In the example below access will be denied to /dir directory because the default access state is set to deny.

<Directory /dir>
	Order Allow,Deny
</Directory>