manual/mod/mod_access.html

	mod_access.html revision 1997e02bed99bd0c081962ade257a0ea12ebe15b
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<HTML>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<HEAD>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<TITLE>Apache module mod_access</TITLE>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</HEAD>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<BODY
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen BGCOLOR="#FFFFFF"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen TEXT="#000000"
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen LINK="#0000FF"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen VLINK="#000080"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen ALINK="#FF0000"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!--#include virtual="header.html" -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<H1 ALIGN="CENTER">Module mod_access</H1>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenThis module provides access control based on client hostname or IP
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenaddress.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P><A
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenHREF="module-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenREL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Status:</STRONG></A> Base
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<BR>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenHREF="module-dict.html#SourceFile"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenREL="Help"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen><STRONG>Source File:</STRONG></A> mod_access.c
e1f05b193ac1edd3267294e9501e8063aa0f791aTimo Sirainen<BR>
e1f05b193ac1edd3267294e9501e8063aa0f791aTimo Sirainen<A
e1f05b193ac1edd3267294e9501e8063aa0f791aTimo SirainenHREF="module-dict.html#ModuleIdentifier"
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenREL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Module Identifier:</STRONG></A> access_module
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<H2>Directives</H2>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<UL>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<LI><A HREF="#allow">Allow</A>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<LI><A HREF="#allowfromenv">Allow from env=</A>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<LI><A HREF="#deny">Deny</A>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<LI><A HREF="#denyfromenv">Deny from env=</A>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<LI><A HREF="#order">Order</A>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</UL>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>See also <A HREF="core.html#satisfy">Satisfy</A>
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen    and <A HREF="core.html#require">Require</A>.
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen<HR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<H2><A NAME="allow">Allow directive</A></H2>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<!--%plaintext &lt;?INDEX {\tt Allow} directive&gt; -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen HREF="directive-dict.html#Syntax"
ca316aeb7648d3f1bcf45231f73ddeb1b67a6961Timo Sirainen REL="Help"
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen><STRONG>Syntax:</STRONG></A> Allow from <EM>host</em> [<em>host</EM>] ...<BR>
50c4a9739b55370b1d3950d7b3ec2f7cd2ed5f49Timo Sirainen<A
50c4a9739b55370b1d3950d7b3ec2f7cd2ed5f49Timo Sirainen HREF="directive-dict.html#Context"
50c4a9739b55370b1d3950d7b3ec2f7cd2ed5f49Timo Sirainen REL="Help"
50c4a9739b55370b1d3950d7b3ec2f7cd2ed5f49Timo Sirainen><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Override"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen><STRONG>Override:</STRONG></A> Limit<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Status:</STRONG></A> Base<BR>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Module"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Module:</STRONG></A> mod_access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenThe Allow directive affects which hosts can access a given directory.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<EM>Host</EM> is one of the following:
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DL>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DT><CODE>all</CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>All hosts are allowed access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A (partial) domain-name
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>Hosts whose names match, or end in, this string are allowed access.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A full IP address
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DD>An IP address of a host allowed access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A partial IP address
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A network/netmask pair
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>A network a.b.c.d, and a netmask w.x.y.z.  For more fine-grained subnet
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    restriction.  (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0)
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A network/nnn CIDR specification
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>Similar to the previous case, except the netmask consists of nnn
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    high-order 1 bits.  (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</DL>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenExample:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<BLOCKQUOTE><CODE>Allow from .ncsa.uiuc.edu</CODE></BLOCKQUOTE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenAll hosts in the specified domain are allowed access.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenNote that this compares whole components; <CODE>bar.edu</CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenwould not match <CODE>foobar.edu</CODE>.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenSee also <A HREF="#allowfromenv">Allow from env=</A>, <A
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenHREF="#deny">Deny</A> and <A HREF="#order">Order</A>.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<HR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<H2><A NAME="allowfromenv">Allow from env= directive</A></H2>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<STRONG>Syntax:</STRONG> Allow from
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen env=<EM>variablename</EM><BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Context"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Override"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Override:</STRONG></A> Limit<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Status:</STRONG></A> Base<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Module"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Module:</STRONG></A> mod_access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenThe <CODE>Allow from env</CODE> directive controls access to a directory by the
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenexistence (or non-existence) of an environment variable.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenExample:
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<BLOCKQUOTE><PRE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenSetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen&lt;Directory /docroot&gt;
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Order Deny,Allow
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Deny from all
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Allow from env=let_me_in
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen&lt;/Directory&gt;
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</PRE></BLOCKQUOTE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenIn this case browsers with the user-agent string <TT>KnockKnock/2.0</TT> will
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenbe allowed access, and all others will be denied.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenSee also <A HREF="#denyfromenv">Deny from env=</A>, <A HREF="#order">Order</A>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenand <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<HR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<H2><A NAME="deny">Deny directive</A></H2>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<!--%plaintext &lt;?INDEX {\tt Deny} directive&gt; -->
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Syntax"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Syntax:</STRONG></A> Deny from <EM>host</em> [<em>host</EM>] ...<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Context"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Override"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen><STRONG>Override:</STRONG></A> Limit<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen><STRONG>Status:</STRONG></A> Base<BR>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Module"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen><STRONG>Module:</STRONG></A> mod_access
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen</P>
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen<P>
0a51697f82fbd45a511710479e99efd42dc18453Timo SirainenThe <CODE>Deny</CODE> directive affects which hosts can access a given directory.
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen<EM>Host</EM> is one of the following:
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen</P>
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen<DL>
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen<DT><CODE>all</CODE>
0a51697f82fbd45a511710479e99efd42dc18453Timo Sirainen<DD>all hosts are denied access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A (partial) domain-name
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DD>host whose name is, or ends in, this string are denied access.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A full IP address
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DD>An IP address of a host denied access
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DT>A partial IP address
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A network/netmask pair
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>A network a.b.c.d, and a netmask w.x.y.z.  For more fine-grained subnet
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    restriction.  (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0)
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>A network/nnn CIDR specification
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>Similar to the previous case, except the netmask consists of nnn
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    high-order 1 bits.  (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</DL>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenExample:
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<BLOCKQUOTE><CODE>Deny from 16</CODE></BLOCKQUOTE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenAll hosts in the specified network are denied access.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenNote that this compares whole components; <CODE>bar.edu</CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenwould not match <CODE>foobar.edu</CODE>.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenSee also <A HREF="#denyfromenv">Deny from env=</A>, <A
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenHREF="#allow">Allow</A> and <A HREF="#order">Order</A>.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<HR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<H2><A NAME="denfromenv">Deny from env= directive</A></H2>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<STRONG>Syntax:</STRONG> Deny from
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen env=<EM>variablename</EM><BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Context"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Override"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Override:</STRONG></A> Limit<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Status:</STRONG></A> Base<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Module"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Module:</STRONG></A> mod_access
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenThe <CODE>Deny from env</CODE> directive controls access to a directory by the
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenexistence (or non-existence) of an environment variable.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenExample:
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<BLOCKQUOTE><PRE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenSetEnvIf User-Agent ^BadRobot/0.9 go_away
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen&lt;Directory /docroot&gt;
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Order Allow,Deny
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Allow from all
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Deny from env=go_away
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen&lt;/Directory&gt;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</PRE></BLOCKQUOTE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenIn this case browsers with the user-agent string <TT>BadRobot/0.9</TT> will
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenbe denied access, and all others will be allowed.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenSee also <A HREF="#allowfromenv">Allow from env=</A>, <A
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenHREF="#order">Order</A> and <A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenHREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<HR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<H2><A NAME="order">Order directive</A></H2>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<!--%plaintext &lt;?INDEX {\tt Order} directive&gt; -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen HREF="directive-dict.html#Syntax"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Syntax:</STRONG></A> Order <EM>ordering</EM><BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Default"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Default:</STRONG></A> <CODE>Order Deny,Allow</CODE><BR>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Context"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen<A
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen HREF="directive-dict.html#Override"
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Override:</STRONG></A> Limit<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Status"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Status:</STRONG></A> Base<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen HREF="directive-dict.html#Module"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen REL="Help"
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen><STRONG>Module:</STRONG></A> mod_access
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenThe <CODE>Order</CODE> directive controls the order in which
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<A HREF="#allow">Allow</A> and <A HREF="#deny">Deny</A> directives are
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenevaluated. <EM>Ordering</EM> is one
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenof
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DL>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<DT>Deny,Allow
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>the <CODE>Deny</CODE> directives are evaluated before the <CODE>Allow</CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainendirectives.  (The initial state is OK.)
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DT>Allow,Deny
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>the <CODE>Allow</CODE> directives are evaluated before the <CODE>Deny</CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainendirectives.  (The initial state is FORBIDDEN.)
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen<DT>Mutual-failure
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<DD>Only those hosts which appear on the <CODE>Allow</CODE> list and do not
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenappear on the <CODE>Deny</CODE> list are granted access.  (The initial state is
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenirrelevant.)  This ordering has the same effect as <code>Order Allow,Deny</code>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainenand is deprecated in favor of that configuration.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</DL>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenKeywords may only be separated by a comma; no whitespace is allowed between
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenthem.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<STRONG>Note that in all cases every <CODE>Allow</CODE> and <CODE>Deny</CODE>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatement is evaluated, there is no &quot;short-circuiting&quot;.</STRONG>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenExample:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<BLOCKQUOTE><CODE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Order Deny,Allow<BR>
992a13add4eea0810e4db0f042a595dddf85536aTimo Sirainen    Deny from all<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen    Allow from .ncsa.uiuc.edu<BR>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</CODE></BLOCKQUOTE>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo SirainenHosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainendenied access.
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</P>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen<P>See also: <A HREF="#deny">Deny</A> and <A HREF="#allow">Allow</A>.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!--#include virtual="footer.html" -->
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</BODY>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen</HTML>
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen