mod_authz_host
mod_authz_host overview
mod_authz_host
module is used to control access based on client host data (host name, IP address)
and request characteristics (environment variables).
mod_authz_host directives
Allow
| Description: |
Controls which hosts can access an area of the server |
| Syntax: |
Allow from all|host|env=env-variable [host|env=env-variable]
... |
| Context: |
directory, .htaccess |
| Module: |
mod_authz_host |
Allow directive defines which hosts can access particular
part of the server. Access can be controlled by hostname, IP Address,
IP Address range or by other client request characteristics stored
in environment variables.
The first argument of this directive is always from.
Subsequent arguments may differ.
Example:
# allow all clients from .org zone
Allow from .org
# allow from 192.168 subnet
Allow from 192.168
# or
Allow from 192.168.0.0/16
# or
Allow from 192.168.0.0/255.255.0.0
# allow from this IPv6 address
Allow from 2001:db8::a00:20ff:fea7:ccea
Deny
| Description: |
Controls which hosts are denied access to the server |
| Syntax: |
Deny from all|host|env=env-variable [host|env=env-variable]
... |
| Context: |
directory, .htaccess |
| Module: |
mod_authz_host |
Deny directive restricts access to the server based on hostname,
IP address, or environment variables. Deny directive
arguments are the same as for Allow directive.
Order
| Description: |
Controls the default access state and the order in which Allow and Deny
are evaluated |
| Syntax: |
Order ordering |
| Default: |
Order Deny,Allow |
| Context: |
directory, .htaccess |
| Module: |
mod_authz_host |
Order directive controls order of Allow
and Deny directives processing. Ordering may be one of the
following:
- Deny,Allow - Deny directives are evaluated
before the Allow directives. Access is allowed
by default. If the client does not match Deny directive or
does match Allow directive, he will be allowed access to
the server.
- Allow,Deny - Allow directives are evaluated
before the Deny directives. Access is denied
by default. If the client does not match Allow directive
or does match Deny directive, he will be denied access to
the server.
- Mutual-failure - Only the hosts that are present in Allow
list and are absent in Deny list are granted access.
This ordering has the same effect as Order Allow,Deny and
is deprecated in favor of that configuration.
Note! Keywords
must be separated by comma; no spaces are allowed between them.
Example:
In the following example access is denied for all hosts except those on
domain.com:
Order Deny,Allow
Deny from all
Allow from domain.com
In the next example, all hosts in the domain.com domain are allowed
access, except hosts in foo.domain.com subdomain, which are denied
access. All hosts not in domain.com domain are denied access because
access is denied by default.
Example:
Order Allow,Deny
Allow from domain.com
Deny from foo.domain.com
Order directive can affect access to the part of the server
even in the absence of Allow and Deny directives
as it also defines default access state. In the example below access will be
denied to /dir directory because the default access state is set to
deny.
Example:
<Directory /dir
Order Allow,Deny
</Directory>
