access.html.en revision 419d55842022e9e257941bfe226549661fb2c6c7
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>Access Control - Apache HTTP Server</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
</script>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.5</p>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">How-To / Tutorials</a></div><div id="page-content"><div id="preamble"><h1>Access Control</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="/en/howto/access.html" title="English"> en </a></p>
</div>
<p>Access control refers to any means of controlling access to any
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#related">Related Modules and Directives</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#env">Access control by arbitrary variables</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#rewrite">Access control with mod_rewrite</a></li>
</ul></div>
<div class="section">
<h2><a name="related" id="related">Related Modules and Directives</a></h2>
<p>Access control can be done by several different modules. The most
important of these are <code class="module"><a href="/mod/mod_authz_core.html">mod_authz_core</a></code> and
<code class="module"><a href="/mod/mod_authz_host.html">mod_authz_host</a></code>. Also discussed in this document
is access control using <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
<div class="section">
<h2><a name="host" id="host">Access control by host</a></h2>
<p>
If you wish to restrict access to portions of your site based on the
host address of your visitors, this is most easily done using
</p>
provides a variety of different ways to allow or deny access to
resources. In conjunction with the <code class="directive"><a href="/mod/mod_authz_core.html#requireall">RequireAll</a></code>, <code class="directive"><a href="/mod/mod_authz_core.html#requireany">RequireAny</a></code>, and <code class="directive"><a href="/mod/mod_authz_core.html#requirenone">RequireNone</a></code> directives, these
requirements may be combined in arbitrarily complex ways, to enforce
whatever your access policy happens to be.</p>
<div class="warning"><p>
provided by <code class="module"><a href="/mod/mod_access_compat.html">mod_access_compat</a></code>, are deprecated and
will go away in a future version. You should avoid using them, and
avoid outdated tutorials recommending their use.
</p></div>
<p>The usage of these directives is:</p>
<pre class="prettyprint lang-config">
Require host <var>address</var>
</pre>
<p>In the first form, <var>address</var> is a fully qualified
domain name (or a partial domain name); you may provide multiple
addresses or domain names, if desired.</p>
specification. Either IPv4 or IPv6 addresses may be used.</p>
mod_authz_host documentation</a> for further examples of this
syntax.</p>
<p>You can insert <code>not</code> to negate a particular requirement.
For example, if you have someone spamming your message
board, and you want to keep them out, you could do the
following:</p>
<div class="example"><p><code>
Require not ip 10.252.46.165
</code></p></div>
<p>Visitors coming from that address will not be able to see
the content covered by this directive. If, instead, you have a
machine name, rather than an IP address, you can use that.</p>
<div class="example"><p><code>
</code></p></div>
<p>And, if you'd like to block access from an entire domain,
you can specify just part of an address or domain name:</p>
<pre class="prettyprint lang-config">
Require not ip <var>192.168.205</var>
Require not gov
</pre>
<p>Use of the <code class="directive"><a href="/mod/mod_authz_core.html#requireall">RequireAll</a></code>, <code class="directive"><a href="/mod/mod_authz_core.html#requireany">RequireAny</a></code>, and <code class="directive"><a href="/mod/mod_authz_core.html#requirenone">RequireNone</a></code> directives may be
used to enforce more complex sets of requirements.</p>
<div class="section">
<h2><a name="env" id="env">Access control by arbitrary variables</a></h2>
you can allow or deny access based on arbitrary environment
variables or request header values. For example, to deny access
based on user-agent (the browser type) you might do the
following:</p>
<pre class="prettyprint lang-config">
<If "%{HTTP_USER_AGENT} = 'BadBot'">
Require All Denied
</If>
</pre>
<div class="note"><h3>Warning:</h3>
<p>Access control by <code>User-Agent</code> is an unreliable technique,
since the <code>User-Agent</code> header can be set to anything at all,
at the whim of the end user.</p>
</div>
further discussion of what expression syntaxes and variables are
available to you.</p>
<div class="section">
<h2><a name="rewrite" id="rewrite">Access control with mod_rewrite</a></h2>
<p>The <code>[F]</code> <code class="directive"><a href="/mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> flag causes a 403 Forbidden
response to be sent. Using this, you can deny access to a resource based
on arbitrary criteria.</p>
<p>For example, if you wish to block access to a resource between 8pm
and 6am, you can do this using <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
<pre class="prettyprint lang-config">
RewriteEngine On
RewriteCond %{TIME_HOUR} >20 [OR]
RewriteCond %{TIME_HOUR} <07
RewriteRule ^/fridge - [F]
</pre>
<p>This will return a 403 Forbidden response for any request after 8pm
or before 7am. This technique can be used for any criteria that you wish
to check. You can also redirect, or otherwise rewrite these requests, if
that approach is preferred.</p>
added in 2.4, replaces many things that <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code> has
traditionally been used to do, and you should probably look there first
before resorting to mod_rewrite.</p>
<div class="section">
<h2><a name="moreinformation" id="moreinformation">More information</a></h2>
great deal of power to do a variety of things based on arbitrary
server variables, and you should consult that document for more
detail.</p>
<p>Also, you should read the <code class="module"><a href="/mod/mod_authz_core.html">mod_authz_core</a></code>
documentation for examples of combining multiple access requirements
and specifying how they interact.</p>
howto.</p>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="/en/howto/access.html" title="English"> en </a></p>
</div><div id="footer">
<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript">
if (typeof(prettyPrint) !== undefined) {
prettyPrint();
}
</script>
</body></html>