- Installation & Uninstallation
- Local and remote management using IIS 7
- Context and processing order
- Apache compatibility
- core functions
- Release history
- License agreement
mod_authz_host module is used to control access based on client host data (host name, IP address) and request characteristics (environment variables).
Sample mod_authz_host .htaccess configuration which allows access from intranet and POST-only request from specified remote host
# deny access by default Order Allow,Deny # allow all requests from local network Allow from 192.168.0.0/16 # POST-requests <Limit POST> # allow from remote host Allow from 126.96.36.199 </Limit>
Related articles and topics
- HTTP Authentication and Authorization
- Enabling site authentication not using Windows users
|Allow||S V D .h||controls which hosts can access an area of the server|
|Deny||S V D .h||controls which hosts are denied access to the server|
|Order||S V D .h||controls the default access state and the order in which Allow and Deny are evaluated|
directive defines which hosts can access particular
part of the server. Access can be controlled by hostname, IP Address,
IP Address range or by other client request characteristics stored
in environment variables.
The first argument of this directive is always
. Subsequent arguments may differ.
Allow from all|host|env=env-variable [host|env=env-variable] [...]
# allow all clients from .org zone Allow from .org # allow from 192.168 subnet Allow from 192.168 # or Allow from 192.168.0.0/16 # or Allow from 192.168.0.0/255.255.0.0 # allow from this IPv6 address Allow from 2001:db8::a00:20ff:fea7:ccea
directive restricts access to the server based on hostname,
IP address, or environment variables.
arguments are the same as for
Deny from all|host|env=env-variable [host|env=env-variable] [...]
directive controls order of
Order [Deny,Allow | Allow,Deny]
Ordering may be one of the following:
Denydirectives are evaluated before the
Allowdirectives. Access is allowed by default. If the client does not match
Denydirective or does match
Allowdirective, he will be allowed access to the server.
Allowdirectives are evaluated before the
Denydirectives. Access is denied by default. If the client does not match
Allowdirective or does match
Denydirective, he will be denied access to the server.
Note! Keywords must be separated by comma; no spaces are allowed between them.
In the following example access is denied for all hosts except those on
Order Deny,Allow Deny from all Allow from domain.com
In the next example, all hosts in the
domain are allowed
access, except hosts in
subdomain, which are denied
access. All hosts not in
domain are denied access because
access is denied by default.
Order Allow,Deny Allow from domain.com Deny from foo.domain.com
directive can affect access to the part of the server
even in the absence of
as it also defines default access state. In the example below access will be
directory because the default access state is set to
<Directory /dir> Order Allow,Deny </Directory>