The mod_authz_host module controls access based on client host data (host name, IP address) and request characteristics (environment variables).

Quick start

Sample mod_authz_host .htaccess configuration that allows access from the intranet and POST-only requests from a specified remote host:

# deny access by default
Order Allow,Deny

# allow all requests from local network
Allow from

# POST requests
<Limit POST>
# allow from remote host
Allow from
</Limit>



| Name  | Context  | Description |
|-------|----------|-------------|
| Allow | S V D .h | controls which hosts can access an area of the server |
| Deny  | S V D .h | controls which hosts are denied access to the server |
| Order | S V D .h | controls the default access state and the order in which Allow and Deny are evaluated |


The Allow directive defines which hosts can access a particular part of the server. Access can be controlled by hostname, IP address, IP address range, or by other client request characteristics stored in environment variables.

The first argument of this directive is always from. Subsequent arguments may differ.


Allow from all|host|env=env-variable [host|env=env-variable] [...]


# allow all clients from .org zone
Allow from .org
# allow from 192.168 subnet
Allow from 192.168
# or
Allow from
# or
Allow from
# allow from this IPv6 address
Allow from 2001:db8::a00:20ff:fea7:ccea


The Deny directive restricts access to the server based on hostname, IP address, or environment variables. Its arguments are the same as for the Allow directive.


Deny from all|host|env=env-variable [host|env=env-variable] [...]


The Order directive controls the order in which Allow and Deny directives are processed.


Order [Deny,Allow | Allow,Deny]


Order Deny,Allow

Ordering may be one of the following:

  • Deny,Allow: Deny directives are evaluated before Allow directives. Access is allowed by default. A client that does not match a Deny directive, or that does match an Allow directive, is allowed access to the server.
  • Allow,Deny: Allow directives are evaluated before Deny directives. Access is denied by default. A client that does not match an Allow directive, or that does match a Deny directive, is denied access to the server.

Note! Keywords must be separated by a comma; no spaces are allowed between them.


In the following example access is denied for all hosts except those on :

Order Deny,Allow
Deny from all
Allow from

In the next example, all hosts in the domain are allowed access, except hosts in subdomain, which are denied access. All hosts not in domain are denied access because access is denied by default.

Order Allow,Deny
Allow from
Deny from
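
The two orderings described above can be checked against a rule set before it is deployed. The following Python model is an added example, not code from the module or from this page; the function names and the sample addresses and domains are constructed, the client hostname is assumed to be already resolved, and env= arguments are not modelled.

```python
import ipaddress

def host_matches(spec, ip, hostname=""):
    """True if one 'from' argument (all, IP, partial IP, CIDR, domain) matches."""
    if spec.lower() == "all":
        return True
    try:
        # full address, CIDR or network/netmask form (IPv4 or IPv6)
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass
    parts = spec.rstrip(".").split(".")
    if all(p.isdigit() for p in parts):
        # partial IPv4 address such as "192.168": compare leading octets
        return ip.split(".")[:len(parts)] == parts
    # otherwise a domain name or suffix, matched on whole labels only
    name, dom = hostname.lower(), spec.lower().lstrip(".")
    return name == dom or name.endswith("." + dom)

def access_allowed(order, allow, deny, ip, hostname=""):
    """Apply Order to lists of Allow/Deny arguments; True means access is granted."""
    allowed = any(host_matches(s, ip, hostname) for s in allow)
    denied = any(host_matches(s, ip, hostname) for s in deny)
    if order.lower() == "deny,allow":
        # default is allow; a matching Allow overrides a matching Deny
        return allowed or not denied
    if order.lower() == "allow,deny":
        # default is deny; a matching Deny overrides a matching Allow
        return allowed and not denied
    raise ValueError("Order takes Deny,Allow or Allow,Deny, with no spaces")

if __name__ == "__main__":
    # Constructed sample rules and clients, not taken from the page.
    print(access_allowed("Deny,Allow", ["10.1"], ["all"], "10.1.2.3"))
    print(access_allowed("Allow,Deny", ["example.org"], ["foo.example.org"],
                         "192.0.2.7", "a.foo.example.org"))
```

With empty Allow and Deny lists the function returns the default state of the chosen ordering, which is the behaviour the next paragraph describes.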

The Order directive can affect access to a part of the server even in the absence of Allow and Deny directives, because it also defines the default access state. In the example below, access to the /dir directory is denied because the default access state is set to deny.

<Directory /dir>
	Order Allow,Deny