2271N/A<!
DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2271N/A<
TITLE>Apache module mod_access</
TITLE>
2271N/A<!-- Background white, links blue (unvisited), navy (visited), red (active) --> 2271N/A<
H1 ALIGN="CENTER">Module mod_access</
H1>
2271N/Ais compiled in by default. It provides access control based on client
2271N/A<
LI><
A HREF="#allow">allow</
A>
2271N/A<
LI><
A HREF="#allowfromenv">allow from env=</
A>
2271N/A<
LI><
A HREF="#deny">deny</
A>
2271N/A<
LI><
A HREF="#denyfromenv">deny from env=</
A>
2271N/A<
LI><
A HREF="#order">order</
A>
2271N/A<
H2><
A NAME="allow">allow directive</
A></
H2>
2271N/A<!--%plaintext <?INDEX {\tt allow} directive> --> 2271N/A><
STRONG>Syntax:</
STRONG></
A> allow from <
EM>host host ...</
EM><
BR>
2271N/A><
STRONG>Context:</
STRONG></
A> directory, .htaccess<
BR>
2271N/A><
STRONG>Override:</
STRONG></
A> Limit<
BR>
2271N/A><
STRONG>Status:</
STRONG></
A> Base<
BR>
2271N/A><
STRONG>Module:</
STRONG></
A> mod_access
2271N/AThe allow directive affects which hosts can access a given directory.
2271N/A<
EM>Host</
EM> is one of the following:
2271N/A<
DD>All hosts are allowed access
2271N/A<
DD>Hosts whose names match, or end in, this string are allowed access.
2271N/A<
DD>An IP address of a host allowed access
2271N/A<
DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
2271N/A<
DD>Similar to the previous case, except the netmask consists of nnn
2271N/AAll hosts in the specified domain are allowed access.
2271N/ASee also <
A HREF="#deny">deny</
A>, <
A HREF="#order">order</
A>, and
2271N/A<
A NAME="allowfromenv"><
STRONG>Syntax:</
STRONG> allow from
2271N/A env=<
EM>variablename</
EM></
A><
BR>
2271N/A><
STRONG>Context:</
STRONG></
A> directory, .htaccess<
BR>
2271N/A><
STRONG>Override:</
STRONG></
A> Limit<
BR>
2271N/A><
STRONG>Status:</
STRONG></
A> Base<
BR>
2271N/A><
STRONG>Module:</
STRONG></
A> mod_access<
BR>
2271N/A><
STRONG>Compatibility:</
STRONG></
A> Apache 1.2 and above
2271N/AThe allow from env directive controls access to a directory by the
2271N/Aexistence (or non-existence) of an environment variable.
2271N/Abe allowed access, and all others will be denied.
2271N/ASee also <
A HREF="#denyfromenv">deny from env</
A>
2271N/Aand <
A HREF="#order">order</
A>.
2271N/A<
H2><
A NAME="deny">deny directive</
A></
H2>
2271N/A<!--%plaintext <?INDEX {\tt deny} directive> --> 2271N/A><
STRONG>Syntax:</
STRONG></
A> deny from <
EM>host host ...</
EM><
BR>
2271N/A><
STRONG>Context:</
STRONG></
A> directory, .htaccess<
BR>
2271N/A><
STRONG>Override:</
STRONG></
A> Limit<
BR>
2271N/A><
STRONG>Status:</
STRONG></
A> Base<
BR>
2271N/A><
STRONG>Module:</
STRONG></
A> mod_access
2271N/AThe deny directive affects which hosts can access a given directory.
2271N/A<
EM>Host</
EM> is one of the following:
2271N/A<
DD>all hosts are denied access
2271N/A<
DD>host whose name is, or ends in, this string are denied access.
2271N/A<
DD>An IP address of a host denied access
2271N/A<
DD>The first 1 to 3 bytes of an IP address, for subnet restriction.
2271N/A<
DD>Similar to the previous case, except the netmask consists of nnn
2271N/A<
BLOCKQUOTE><
CODE>deny from 16</
CODE></
BLOCKQUOTE>
2271N/AAll hosts in the specified network are denied access.
2271N/ASee also <
A HREF="#allow">allow</
A> and <
A HREF="#order">order</
A>.
2271N/A<
A NAME="denyfromenv"><
STRONG>Syntax:</
STRONG> deny from
2271N/A env=<
EM>variablename</
EM></
A><
BR>
2271N/A><
STRONG>Context:</
STRONG></
A> directory, .htaccess<
BR>
2271N/A><
STRONG>Override:</
STRONG></
A> Limit<
BR>
2271N/A><
STRONG>Status:</
STRONG></
A> Base<
BR>
2271N/A><
STRONG>Module:</
STRONG></
A> mod_access<
BR>
2271N/A><
STRONG>Compatibility:</
STRONG></
A> Apache 1.2 and above
2271N/AThe deny from env directive controls access to a directory by the
2271N/Aexistence (or non-existence) of an environment variable.
2271N/Abe denied access, and all others will be allowed.
2271N/ASee also <
A HREF="#allowfromenv">allow from env</
A>
2271N/Aand <
A HREF="#order">order</
A>.
2271N/A<
H2><
A NAME="order">order directive</
A></
H2>
2271N/A<!--%plaintext <?INDEX {\tt order} directive> --> 2271N/A><
STRONG>Syntax:</
STRONG></
A> order <
EM>ordering</
EM><
BR>
2271N/A><
STRONG>Default:</
STRONG></
A> <
CODE>order deny,allow</
CODE><
BR>
2271N/A><
STRONG>Context:</
STRONG></
A> directory, .htaccess<
BR>
2271N/A><
STRONG>Override:</
STRONG></
A> Limit<
BR>
2271N/A><
STRONG>Status:</
STRONG></
A> Base<
BR>
2271N/A><
STRONG>Module:</
STRONG></
A> mod_access
2271N/AThe order directive controls the order in which <
A HREF="#allow">allow</
A> and
2271N/A<
A HREF="#deny">deny</
A> directives are evaluated. <
EM>Ordering</
EM> is one
2271N/A<
DD>the deny directives are evaluated before the allow directives. (The
2271N/A<
DD>the allow directives are evaluated before the deny directives. (The
2271N/Ainitial state is FORBIDDEN.)
2271N/A<
DD>Only those hosts which appear on the allow list and do not appear
2271N/Aon the deny list are granted access. (The initial state is irrelevant.)
2271N/AKeywords may only be separated by a comma; no whitespace is allowed between
2271N/A<
STRONG>Note that in all cases every <
CODE>allow</
CODE> and <
CODE>deny</
CODE>
2271N/Astatement is evaluated, there is no "short-circuiting".</
STRONG>