22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder<HTML>

df098122ddc81fe1cb033a151f7305c1dda2dc81Christian Maeder<HEAD>

b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder<TITLE>Apache module mod_access</TITLE>

98890889ffb2e8f6f722b00e265a211f13b5a861Corneliu-Claudiu Prodescu</HEAD>

2eeec5240b424984e3ee26296da1eeab6c6d739eChristian Maeder

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder<BODY

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder BGCOLOR="#FFFFFF"

e6d40133bc9f858308654afb1262b8b483ec5922Till Mossakowski TEXT="#000000"

679d3f541f7a9ede4079e045f7758873bb901872Till Mossakowski LINK="#0000FF"

679d3f541f7a9ede4079e045f7758873bb901872Till Mossakowski VLINK="#000080"

1bb1684c83317dfd1692ab53415027b67d8f2faeTill Mossakowski ALINK="#FF0000"

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder>

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<H1 ALIGN="CENTER">Module mod_access</H1>

5a87ed846cc38cb0e3adf8f736d95614d3e724a3Christian Maeder<P>

4a8f990902448d0562fbe1a98ce685ddbd531d38Christian MaederThis module is contained in the <CODE>mod_access.c</CODE> file, and

f3faf4e4346b6224a3aaeeac11bac8b5c8932a29Christian Maederis compiled in by default. It provides access control based on client

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maederhostname or IP address.

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder</P>

953127f27b7854580057a92e8269fd7a8716a800Christian Maeder

f3faf4e4346b6224a3aaeeac11bac8b5c8932a29Christian Maeder<UL>

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder<LI><A HREF="#allow">allow</A>

74b841a4b332085d5fd79975a13313c2681ae595Christian Maeder<LI><A HREF="#allowfromenv">allow from env=</A>

74b841a4b332085d5fd79975a13313c2681ae595Christian Maeder<LI><A HREF="#deny">deny</A>

f3faf4e4346b6224a3aaeeac11bac8b5c8932a29Christian Maeder<LI><A HREF="#denyfromenv">deny from env=</A>

010997ddd12186698c1ebdbcddb63a670552b3c2Adrián Riesco<LI><A HREF="#order">order</A>

f3faf4e4346b6224a3aaeeac11bac8b5c8932a29Christian Maeder</UL>

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<HR>

43b4c41fbb07705c9df321221ab9cb9832460407Christian Maeder

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder

ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<h2><A name="allow">allow directive</A></h2>

1bc5dccbf0083a620ae1181c717fea75e4af5e5cChristian Maeder<P>

e9249d3ecd51a2b6a966a58669953e58d703adc6Till Mossakowski<A

ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder HREF="directive-dict.html#Syntax"

410ff490af511ffa09b52e4de631d36a154b9730Christian Maeder REL="Help"

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder><STRONG>Syntax:</STRONG></A> allow from <EM>host host ...</EM><BR>

ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<A

1842453990fed8a1bd7a5ac792d7982c1d2bfcd5Christian Maeder HREF="directive-dict.html#Context"

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder REL="Help"

ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder><STRONG>Context:</STRONG></A> directory, .htaccess<BR>

6892075087077b9a2f9baa1663be4afcee2e7254Christian Maeder<A

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder HREF="directive-dict.html#Override"

a80f2865b6b40a922bcccfce0cb0d047edc33e3aChristian Maeder REL="Help"

54ea981a0503c396c2923a1c06421c6235baf27fChristian Maeder><STRONG>Override:</STRONG></A> Limit<BR>

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder<A

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder HREF="directive-dict.html#Status"

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder REL="Help"

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder><STRONG>Status:</STRONG></A> Base<BR>

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder<A

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder HREF="directive-dict.html#Module"

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder REL="Help"

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder><STRONG>Module:</STRONG></A> mod_access

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder</P>

ad270004874ce1d0697fb30d7309f180553bb315Christian Maeder<P>

ad270004874ce1d0697fb30d7309f180553bb315Christian MaederThe allow directive affects which hosts can access a given directory.

410ff490af511ffa09b52e4de631d36a154b9730Christian Maeder<EM>Host</EM> is one of the following:

a80f2865b6b40a922bcccfce0cb0d047edc33e3aChristian Maeder</P>

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder<DL>

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder<DT><CODE>all</CODE>

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<DD>All hosts are allowed access

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DT>A (partial) domain-name

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DD>Hosts whose names match, or end in, this string are allowed access.

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DT>A full IP address

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DD>An IP address of a host allowed access

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DT>A partial IP address

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>)

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder restriction. (i.e. 10.1.0.0/255.255.0.0)

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>)

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<DD>Similar to the previous case, except the netmask consists of nnn

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder high-order 1 bits. (i.e. 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder</DL>

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<P>

95c27038582e8a2ce24923bee69ef15931b8b87bChristian MaederExample:

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maeder</P>

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian Maeder<BLOCKQUOTE><CODE>allow from .ncsa.uiuc.edu</CODE></BLOCKQUOTE>

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maeder<P>

f1b14608f0f3db464c3aded480e49522d73b08e5Christian MaederAll hosts in the specified domain are allowed access.

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maeder</P>

4fc9de0da898448f1d3597ebbd8c04a066464c21Christian Maeder<P>

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian MaederNote that this compares whole components; <CODE>bar.edu</CODE>

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maederwould not match <CODE>foobar.edu</CODE>.

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maeder</P>

f1b14608f0f3db464c3aded480e49522d73b08e5Christian Maeder<P>

95c27038582e8a2ce24923bee69ef15931b8b87bChristian MaederSee also <A HREF="#deny">deny</A>, <A HREF="#order">order</A>, and

7688e20f844fe88f75c04016841ebb5e5e3d927fChristian Maeder<A HREF="mod_browser.html#browsermatch">BrowserMatch</A>.

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder</P>

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder<P>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder<A name="allowfromenv"><STRONG>Syntax:</STRONG> allow from env=<EM>variablename</EM></A><BR>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder<A

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder HREF="directive-dict.html#Context"

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder REL="Help"

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder><STRONG>Context:</STRONG></A> directory, .htaccess<BR>

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder<A

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder HREF="directive-dict.html#Override"

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder REL="Help"

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder><STRONG>Override:</STRONG></A> Limit<BR>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder<A

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder HREF="directive-dict.html#Status"

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder REL="Help"

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder><STRONG>Status:</STRONG></A> Base<BR>

7688e20f844fe88f75c04016841ebb5e5e3d927fChristian Maeder<A

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder HREF="directive-dict.html#Module"

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder REL="Help"

be3f5e3e69900ececafea5b010a8400f26af5362Christian Maeder><STRONG>Module:</STRONG></A> mod_access<BR>

8528053a6a766c3614276df0f59fb2a2e8ab6d18Christian Maeder<A

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder HREF="directive-dict.html#Compatibility"

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder REL="Help"

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder</P>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder<P>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian MaederThe allow from env directive controls access to a directory by the

0d0047d6eb457b56ff10987569769a420754a56fChristian Maederexistence (or non-existence) of an environment variable.

d11391a2447a2005329a95b5d770f24e62bf5b63Christian Maeder</P>

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder<P>

0d0047d6eb457b56ff10987569769a420754a56fChristian MaederExample:

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder</P>

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder<BLOCKQUOTE><PRE>

0d0047d6eb457b56ff10987569769a420754a56fChristian MaederBrowserMatch ^KnockKnock/2.0 let_me_in

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder&lt;Directory /docroot&gt;

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder order deny,allow

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder deny from all

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder allow from env=let_me_in

412aa5e819f3cd18f0be10b5571661036515b151Christian Maeder&lt;/Directory&gt;

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder</PRE></BLOCKQUOTE>

a67bea25edc56bbab82c1a1fc6b51e132452188cChristian MaederIn this case browsers with the user-agent string <TT>KnockKnock/2.0</TT> will

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maederbe allowed access, and all others will be denied.

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder<P>

278af20bd154d99e884bdf8c66d35d36699643c9Christian MaederSee also <A HREF="#denyfromenv">deny from env</A>

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maederand <A HREF="#order">order</A>.

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder</P>

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder<HR>

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder<h2><A name="deny">deny directive</A></h2>

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder<P>

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder<A

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder HREF="directive-dict.html#Syntax"

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder REL="Help"

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder><STRONG>Syntax:</STRONG></A> deny from <EM>host host ...</EM><BR>

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder<A

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder HREF="directive-dict.html#Context"

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder REL="Help"

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder><STRONG>Context:</STRONG></A> directory, .htaccess<BR>

81337d455794a0b50fae10b53d0ed85d9e8f2fafChristian Maeder<A

412aa5e819f3cd18f0be10b5571661036515b151Christian Maeder HREF="directive-dict.html#Override"

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder REL="Help"

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder><STRONG>Override:</STRONG></A> Limit<BR>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<A

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder HREF="directive-dict.html#Status"

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder REL="Help"

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder><STRONG>Status:</STRONG></A> Base<BR>

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<A

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder HREF="directive-dict.html#Module"

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder REL="Help"

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder><STRONG>Module:</STRONG></A> mod_access

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder</P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<P>

46947810076241f06f3e2919edb2289ed84d6c15Christian MaederThe deny directive affects which hosts can access a given directory.

bd986fa9d0f451b8166efdb9027c153d101aa65bChristian Maeder<EM>Host</EM> is one of the following:

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder</P>

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<DL>

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<DT><CODE>all</CODE>

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<DD>all hosts are denied access

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<DT>A (partial) domain-name

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder<DD>host whose name is, or ends in, this string are denied access.

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<DT>A full IP address

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<DD>An IP address of a host denied access

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<DT>A partial IP address

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<DD>The first 1 to 3 bytes of an IP address, for subnet restriction.

cc4537e2e13b93e08fc8391d3abb8e412cb71b80Christian Maeder<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>)

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet

cc4537e2e13b93e08fc8391d3abb8e412cb71b80Christian Maeder restriction. (i.e. 10.1.0.0/255.255.0.0)

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>)

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<DD>Similar to the previous case, except the netmask consists of nnn

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder high-order 1 bits. (i.e. 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder</DL>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<P>

cc4537e2e13b93e08fc8391d3abb8e412cb71b80Christian MaederExample:

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder</P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<BLOCKQUOTE><CODE>deny from 16</CODE></BLOCKQUOTE>

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder<P>

cc4537e2e13b93e08fc8391d3abb8e412cb71b80Christian MaederAll hosts in the specified network are denied access.

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder</P>

6892075087077b9a2f9baa1663be4afcee2e7254Christian Maeder<P>

6892075087077b9a2f9baa1663be4afcee2e7254Christian MaederNote that this compares whole components; <CODE>bar.edu</CODE>

6892075087077b9a2f9baa1663be4afcee2e7254Christian Maederwould not match <CODE>foobar.edu</CODE>.

cc4537e2e13b93e08fc8391d3abb8e412cb71b80Christian Maeder</P>

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder<P>

a4cb1786d23060c8521a88f08f9909589fa83a12Christian MaederSee also <A HREF="#allow">allow</A> and <A HREF="#order">order</A>.

a4cb1786d23060c8521a88f08f9909589fa83a12Christian Maeder</P>

46947810076241f06f3e2919edb2289ed84d6c15Christian Maeder

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder<P>

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder<A name="denyfromenv"><STRONG>Syntax:</STRONG> deny from env=<EM>variablename</EM></A><BR>

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder<A

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder HREF="directive-dict.html#Context"

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder REL="Help"

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder><STRONG>Context:</STRONG></A> directory, .htaccess<BR>

1af66b491a6164e07ac202abfa0d06c6c2462d64Christian Maeder<A

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder HREF="directive-dict.html#Override"

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder REL="Help"

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder><STRONG>Override:</STRONG></A> Limit<BR>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<A

3d774b4dfa0e459c1a3b08b4aa32c85aa4875362Christian Maeder HREF="directive-dict.html#Status"

3d774b4dfa0e459c1a3b08b4aa32c85aa4875362Christian Maeder REL="Help"

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder><STRONG>Status:</STRONG></A> Base<BR>

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder<A

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder HREF="directive-dict.html#Module"

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder REL="Help"

95c27038582e8a2ce24923bee69ef15931b8b87bChristian Maeder><STRONG>Module:</STRONG></A> mod_access<BR>

3d774b4dfa0e459c1a3b08b4aa32c85aa4875362Christian Maeder<A

3d774b4dfa0e459c1a3b08b4aa32c85aa4875362Christian Maeder HREF="directive-dict.html#Compatibility"

7297175957c5ad3c0498032190b1dee9ec5fb873Christian Maeder REL="Help"

792df0347edab377785d98c63e2be8e2ce0a8bdeChristian Maeder><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder</P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder<P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian MaederThe deny from env directive controls access to a directory by the

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maederexistence (or non-existence) of an environment variable.

d75d2d11170f1339ebe37d9d9c06aff148637b13Christian Maeder</P>

d75d2d11170f1339ebe37d9d9c06aff148637b13Christian Maeder<P>

d75d2d11170f1339ebe37d9d9c06aff148637b13Christian MaederExample:

3f9fabb8ac5cfd9234431ecf19b51ff3e985595aChristian Maeder</P>

83259a366597461d24e6b9236a8a33e201798e4dChristian Maeder<BLOCKQUOTE><PRE>

e2e17b0b9cfa80cd17495911be5572e420806611Christian MaederBrowserMatch ^BadRobot/0.9 go_away

de66af0f4b27f08f81c7ca9c573ef9cdf7ca7a07Christian Maeder&lt;Directory /docroot&gt;

c30cfe2a6ab063befdfb47449bc286caee6d8fc3Christian Maeder order allow,deny

c30cfe2a6ab063befdfb47449bc286caee6d8fc3Christian Maeder allow from all

bdf2e01977470bedcb4425e2dadabc9e9f6ba149Ewaryst Schulz deny from env=go_away

eaf02872307b4578250fbeb9dc371cac177b0924Ewaryst Schulz&lt;/Directory&gt;

278af20bd154d99e884bdf8c66d35d36699643c9Christian Maeder</PRE></BLOCKQUOTE>

95c27038582e8a2ce24923bee69ef15931b8b87bChristian MaederIn this case browsers with the user-agent string <TT>BadRobot/0.9</TT> will

df098122ddc81fe1cb033a151f7305c1dda2dc81Christian Maederbe denied access, and all others will be allowed.

df098122ddc81fe1cb033a151f7305c1dda2dc81Christian Maeder

df098122ddc81fe1cb033a151f7305c1dda2dc81Christian Maeder<P>

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian MaederSee also <A HREF="#allowfromenv">allow from env</A>

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maederand <A HREF="#order">order</A>.

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder</P>

1c8c2b04b40b5c054da07b8d059e5ef29d4dbc32Christian Maeder<HR>

df098122ddc81fe1cb033a151f7305c1dda2dc81Christian Maeder

a67bea25edc56bbab82c1a1fc6b51e132452188cChristian Maeder<h2><A name="order">order directive</A></h2>

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<P>

2afae0880da7ca73c9376fd4d653ab19833fe858Christian Maeder<A

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian Maeder HREF="directive-dict.html#Syntax"

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder REL="Help"

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder><STRONG>Syntax:</STRONG></A> order <EM>ordering</EM><BR>

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder<A

4fc9de0da898448f1d3597ebbd8c04a066464c21Christian Maeder HREF="directive-dict.html#Default"

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder REL="Help"

6892075087077b9a2f9baa1663be4afcee2e7254Christian Maeder><STRONG>Default:</STRONG></A> <CODE>order deny,allow</CODE><BR>

28cbeb7eb61216d3b5a27dca176333d1ff8d3357Mihai Codescu<A

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder HREF="directive-dict.html#Context"

c0380b947eef252db81ee562246bb732555427f4Till Mossakowski REL="Help"

7a6c50ecdec40e0278e8ed4fdadfd669112d887dChristian Maeder><STRONG>Context:</STRONG></A> directory, .htaccess<BR>

b4a750119742b015a815e6f370a7d58e7a4de634Christian Maeder<A

b4a750119742b015a815e6f370a7d58e7a4de634Christian Maeder HREF="directive-dict.html#Override"

1c8293dcdc80913c9d1188a62682ad85f0eb21e1Christian Maeder REL="Help"

1c8293dcdc80913c9d1188a62682ad85f0eb21e1Christian Maeder><STRONG>Override:</STRONG></A> Limit<BR>

b4a750119742b015a815e6f370a7d58e7a4de634Christian Maeder<A

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder HREF="directive-dict.html#Status"

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder REL="Help"

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder><STRONG>Status:</STRONG></A> Base<BR>

95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<A

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder HREF="directive-dict.html#Module"

7a6c50ecdec40e0278e8ed4fdadfd669112d887dChristian Maeder REL="Help"

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder><STRONG>Module:</STRONG></A> mod_access

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder</P>

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian Maeder<P>

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian MaederThe order directive controls the order in which <A HREF="#allow">allow</A> and

4c7f058cdd19ce67b2b5d4b7f69703d0f8a21e38Christian Maeder<A HREF="#deny">deny</A> directives are evaluated. <EM>Ordering</EM> is one

4c7f058cdd19ce67b2b5d4b7f69703d0f8a21e38Christian Maederof

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder</P>

fa15ba427d20bfe2b50fbe6e2f6f51616aaed016Christian Maeder<DL>

4c7f058cdd19ce67b2b5d4b7f69703d0f8a21e38Christian Maeder<DT>deny,allow

58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski<DD>the deny directives are evaluated before the allow directives. (The

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maederinitial state is OK.)

7a6c50ecdec40e0278e8ed4fdadfd669112d887dChristian Maeder<DT>allow,deny

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder<DD>the allow directives are evaluated before the deny directives. (The

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian Maederinitial state is FORBIDDEN.)

58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski<DT>mutual-failure

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder<DD>Only those hosts which appear on the allow list and do not appear

7a6c50ecdec40e0278e8ed4fdadfd669112d887dChristian Maederon the deny list are granted access. (The initial state is irrelevant.)

0d0047d6eb457b56ff10987569769a420754a56fChristian Maeder</DL>

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maeder<P>

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian Maeder<STRONG>Note that in all cases every <CODE>allow</CODE> and <CODE>deny</CODE>

a05cad7f2f387b795a71a3aaec543c78e1b89d38Christian Maederstatement is evaluated, there is no &quot;short-circuiting&quot;.</STRONG>

9192fdd8f0e682ac0f0183dd854d5210fbfa4ec5Christian Maeder</P>

5a87ed846cc38cb0e3adf8f736d95614d3e724a3Christian Maeder<P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian MaederExample:

5a87ed846cc38cb0e3adf8f736d95614d3e724a3Christian Maeder</P>

5a87ed846cc38cb0e3adf8f736d95614d3e724a3Christian Maeder<BLOCKQUOTE><CODE>

e379124f467e5d0ef7d3c0ca238bff0521f70831Till Mossakowski order deny,allow<BR>

c5bc8d60f7c753f81746828329d9e92db1ab7abaChristian Maeder deny from all<BR>

24f14a27a838087b661c2e66fdec4e436ddbd832Christian Maeder allow from .ncsa.uiuc.edu<BR>

24f14a27a838087b661c2e66fdec4e436ddbd832Christian Maeder</CODE></BLOCKQUOTE>

24f14a27a838087b661c2e66fdec4e436ddbd832Christian Maeder<P>

4dfed20c33d6c11a723c0c34d4a38006b9f8d4c1Christian MaederHosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are

6b00a9239fe7c804524099ca3d25f4ffc6079ceeChristian Maederdenied access.

22dd6d9af47163ee081d6c505d0a13dbf40ba87aChristian Maeder</P>

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder</BODY>

996a56a455d65cfac4ddedd44fd90cfc1ea849aeChristian Maeder</HTML>

a67bea25edc56bbab82c1a1fc6b51e132452188cChristian Maeder