mod_access.html revision 72d8c9a30f25171e5c85eeae21e0b87331bac2d9
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
ec5347e2c775f027573ce5648b910361aa926c01Automatic UpdaterXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence This file is generated from xml source: DO NOT EDIT
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David LawrenceXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews<link href="/style/manual.css" type="text/css" rel="stylesheet">
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews<img alt="[APACHE DOCUMENTATION]" src="/images/sub.gif"><h3>Apache HTTP Server Version 2.0</h3>
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence<h1 align="center">Apache Module mod_access</h1>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<table cellspacing="1" cellpadding="0" bgcolor="#cccccc">
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence<td><span class="help">Description:</span></td><td>
6b7257f756eb0530cdf54df9a7fab8d51a5001c3David Lawrence<description>Provides access control based on client hostname, IP
6b7257f756eb0530cdf54df9a7fab8d51a5001c3David Lawrenceaddress, or other characteristics of the client request.</description>
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence<td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Base</td>
8f66dad9393ae0724f758c4a51e06ff55c2d1219Brian Wellington<td><a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</a></td><td>access_module</td>
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence<p>The directives provided by mod_access are used in <code class="directive"><a href="core.html#<directory>" class="directive"><Directory></a></code>, <code class="directive"><a href="core.html#<files>" class="directive"><Files></a></code>, and <code class="directive"><a href="core.html#<location>" class="directive"><Location></a></code> sections as well as
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence <code><a href="core.html#accessfilename">.htaccess</a></code>
669e9657c731176df235832367f61435f7b83ddfAndreas Gustafsson files to control access to particular parts of the server. Access
3db78e0855a8dfc162180880cd70d9c1a03d9301David Lawrence can be controlled based on the client hostname, IP address, or
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington other characteristics of the client request, as captured in <a href="/env.html">environment variables</a>. The <code class="directive"><a href="#allow" class="directive">Allow</a></code> and <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives are used to
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington specify which clients are or are not allowed access to the server,
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington while the <code class="directive"><a href="#order" class="directive">Order</a></code>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington directive sets the default access state, and configures how the
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington <code class="directive"><a href="#allow" class="directive">Allow</a></code> and <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives interact with each
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<p>Both host-based access restrictions and password-based
d32b13e0be7f01020365c83a0bd36483ace4d7c3Mark Andrews authentication may be implemented simultaneously. In that case,
d32b13e0be7f01020365c83a0bd36483ace4d7c3Mark Andrews the <code class="directive"><a href="core.html#satisfy" class="directive">Satisfy</a></code> directive is used
b493dfe8bce94b05efc0f161238d32f1234c5670Brian Wellington to determine how the two sets of restrictions interact.</p>
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence<p>In general, access restriction directives apply to all
3f96cf3e4f96b36cc1ad2ec7edc5b8e285fced8fBrian Wellington access methods (<code>GET</code>, <code>PUT</code>,
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington <code>POST</code>, etc). This is the desired behavior in most
7318a964ece83f748bc7e9814d8c3a61c2b4d946Mark Andrews cases. However, it is possible to restrict some methods, while
4cd765650776027d05fe7fca248478918e02e63bDavid Lawrence leaving other methods unrestricted, by enclosing the directives
4cd765650776027d05fe7fca248478918e02e63bDavid Lawrence in a <code class="directive"><a href="core.html#<limit>" class="directive"><Limit></a></code> section.</p>
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington<code class="directive"><a href="core.html#satisfy" class="directive">Satisfy</a></code>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<code class="directive"><a href="core.html#require" class="directive">Require</a></code>
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington<a name="Allow">Allow</a> <a name="allow">Directive</a>
debd489a44363870f96f75818e89ec27d3cab736Francis Dupont<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
20bd7b4bbf2437ef2f9109edca168ab0ce8445b3David Lawrence<td><strong>Description: </strong></td><td>Controls which hosts can access an area of the
f7c21e46c4b5fdae516b91374c24a87671f83ea3Andreas Gustafsson<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
94b166ffa58ef0ff263563c0550d0b30eb9f7772David Lawrence<syntax> Allow from
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews [<em>host</em>|env=<em>env-variable</em>] ...</syntax>
b326d7e3a3a50eb65dd06db007d2fddc62606bbfMark Andrews<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
60213f2815a7e6584a2285546d05633fa7b6f5b4Mark Andrews<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>Limit</td>
6150d3cb666a58d5e3a15275562c9fc5c5b6b2d8Evan Hunt<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Base</td>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_access</td>
ecaed3593cd14f2491d1bd81fc98cb940e12f8bbMark Andrews<p>The <code class="directive">Allow</code> directive affects which hosts can
ecaed3593cd14f2491d1bd81fc98cb940e12f8bbMark Andrews access an area of the server. Access can be controlled by
ecaed3593cd14f2491d1bd81fc98cb940e12f8bbMark Andrews hostname, IP Address, IP Address range, or by other
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews characteristics of the client request captured in environment
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews variables.</p>
323bb31d7c54078aa62146b3aa946b755cbfd52bMark Andrews<p>The first argument to this directive is always
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt <code>from</code>. The subsequent arguments can take three
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt different forms. If <code>Allow from all</code> is specified, then
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt all hosts are allowed access, subject to the configuration of the
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt <code class="directive"><a href="#deny" class="directive">Deny</a></code> and <code class="directive"><a href="#order" class="directive">Order</a></code> directives as discussed
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt below. To allow only particular hosts or groups of hosts to access
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt the server, the <em>host</em> can be specified in any of the
547411428e467f2a2848886eaac0a8b3e136a9abEvan Hunt following formats:</p>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews Hosts whose names match, or end in, this string are allowed
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews access. Only complete components are matched, so the above
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews example will match <code>foo.apache.org</code> but it will
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews not match <code>fooapache.org</code>. This configuration will
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews cause the server to perform a reverse DNS lookup on the
62ec9fd1681ffae7d6b0d54618599ecf650e3100Mark Andrews client IP address, regardless of the setting of the <code class="directive"><a href="core.html#hostnamelookups" class="directive">HostnameLookups</a></code>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews directive.</dd>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews An IP address of a host allowed access</dd>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews The first 1 to 3 bytes of an IP address, for subnet
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews restriction.</dd>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews A network a.b.c.d, and a netmask w.x.y.z. For more
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews fine-grained subnet restriction.</dd>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews<dd>Example: <code>Allow from 10.1.0.0/16</code>
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews Similar to the previous case, except the netmask consists of
d96f74a3cb6212ac9e4a7a0fa8924f850348eae9Mark Andrews nnn high-order 1 bits.</dd>
94b166ffa58ef0ff263563c0550d0b30eb9f7772David Lawrence<p>Note that the last three examples above match exactly the
87983da955bf63128de85d180359bdc418516c3cDavid Lawrence same set of hosts.</p>
73a691c373488e4f70387a62462cd8ce0d991705David Lawrence<p>IPv6 addresses and IPv6 subnets can be specified as shown
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews Allow from fe80::a00:20ff:fea7:ccea<br>
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews</blockquote>
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews<p>The third format of the arguments to the
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews <code class="directive">Allow</code> directive allows access to the server
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews to be controlled based on the existence of an <a href="/env.html">environment variable</a>. When <code>Allow from
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews env=</code><em>env-variable</em> is specified, then the request is
b493dfe8bce94b05efc0f161238d32f1234c5670Brian Wellington allowed access if the environment variable <em>env-variable</em>
b493dfe8bce94b05efc0f161238d32f1234c5670Brian Wellington exists. The server provides the ability to set environment
b493dfe8bce94b05efc0f161238d32f1234c5670Brian Wellington variables in a flexible way based on characteristics of the client
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington request using the directives provided by
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington <code><a href="mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington used to allow access based on such factors as the clients
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington <code>User-Agent</code> (browser type), <code>Referer</code>, or
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington other HTTP request header fields.</p>
f07fe5a1ac9d1345eb7a36a0bc38716a03e25f61Mark AndrewsSetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br>
f07fe5a1ac9d1345eb7a36a0bc38716a03e25f61Mark Andrews<Directory /docroot><br>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington Order Deny,Allow<br>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington Deny from all<br>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington Allow from env=let_me_in<br>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington</Directory>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<p>In this case, browsers with a user-agent string beginning
71ca6e64b4d208a090d255eb64c24f945e615ea0Brian Wellington with <code>KnockKnock/2.0</code> will be allowed access, and all
71ca6e64b4d208a090d255eb64c24f945e615ea0Brian Wellington others will be denied.</p>
c4f9e613e12f03795bee18cf2ca8e6a9d39d6468Mark Andrews<a name="Deny">Deny</a> <a name="deny">Directive</a>
287910778c57d4836a52b03b697c2ef342d0eaa9Francis Dupont<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<td><strong>Description: </strong></td><td>Controls which hosts are denied access to the
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt<syntax> Deny from
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington [<em>host</em>|env=<em>env-variable</em>] ...</syntax>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>Limit</td>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Base</td>
e4cd5a1e5d0358abeee7618b02b4592c055d957fBrian Wellington<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_access</td>
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt<p>This directive allows access to the server to be restricted
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt based on hostname, IP address, or environment variables. The
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt arguments for the <code class="directive">Deny</code> directive are
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt identical to the arguments for the <code class="directive"><a href="#allow" class="directive">Allow</a></code> directive.</p>
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt<a name="Order">Order</a> <a name="order">Directive</a>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
f07fe5a1ac9d1345eb7a36a0bc38716a03e25f61Mark Andrews<td><strong>Description: </strong></td><td>Controls the default access state and the order in which
f07fe5a1ac9d1345eb7a36a0bc38716a03e25f61Mark AndrewsAllow and Deny are
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellingtonevaluated.</td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>Order Deny,Allow</code></td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>Limit</td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Base</td>
c4f9e613e12f03795bee18cf2ca8e6a9d39d6468Mark Andrews<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_access</td>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<p>The <code class="directive">Order</code> directive controls the default
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews access state and the order in which <code class="directive"><a href="#allow" class="directive">Allow</a></code> and <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives are evaluated.
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<dd>The <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews are evaluated before the <code class="directive"><a href="#allow" class="directive">Allow</a></code> directives. Access is
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews allowed by default. Any client which does not match a
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews <code class="directive"><a href="#deny" class="directive">Deny</a></code> directive or does
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews match an <code class="directive"><a href="#allow" class="directive">Allow</a></code>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews directive will be allowed access to the server.</dd>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<dd>The <code class="directive"><a href="#allow" class="directive">Allow</a></code>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews directives are evaluated before the <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives. Access is denied
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews by default. Any client which does not match an <code class="directive"><a href="#allow" class="directive">Allow</a></code> directive or does match a
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews <code class="directive"><a href="#deny" class="directive">Deny</a></code> directive will be
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews denied access to the server.</dd>
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt<dd>Only those hosts which appear on the <code class="directive"><a href="#allow" class="directive">Allow</a></code> list and do not appear on
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt the <code class="directive"><a href="#deny" class="directive">Deny</a></code> list are
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt granted access. This ordering has the same effect as <code>Order
4eb998928b9aef0ceda42d7529980d658138698aEvan Hunt Allow,Deny</code> and is deprecated in favor of that
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt configuration.</dd>
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt<p>Keywords may only be separated by a comma; no whitespace is
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt allowed between them. Note that in all cases every <code class="directive"><a href="#allow" class="directive">Allow</a></code> and <code class="directive"><a href="#deny" class="directive">Deny</a></code> statement is evaluated.</p>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews<p>In the following example, all hosts in the apache.org domain
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews are allowed access; all other hosts are denied access.</p>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews Order Deny,Allow<br>
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews Deny from all<br>
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<p>In the next example, all hosts in the apache.org domain are
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington allowed access, except for the hosts which are in the
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington foo.apache.org subdomain, who are denied access. All hosts not
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington in the apache.org domain are denied access because the default
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington state is to deny access to the server.</p>
bcdf37e0ff7d73310b7bf247d755194a5718ba38Mark Andrews Order Allow,Deny<br>
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington<p>On the other hand, if the <code>Order</code> in the last
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington example is changed to <code>Deny,Allow</code>, all hosts will
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington be allowed access. This happens because, regardless of the
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington actual ordering of the directives in the configuration file,
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews the <code>Allow from apache.org</code> will be evaluated last
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington and will override the <code>Deny from foo.apache.org</code>.
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington All hosts not in the <code>apache.org</code> domain will also
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington be allowed access because the default state will change to
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt<p>The presence of an <code>Order</code> directive can affect
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt access to a part of the server even in the absence of accompanying
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt <code class="directive"><a href="#allow" class="directive">Allow</a></code> and <code class="directive"><a href="#deny" class="directive">Deny</a></code> directives because of its effect
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt on the default access state. For example,</p>
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt <Directory /www><br>
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt Order Allow,Deny<br>
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt </Directory>
71ca6e64b4d208a090d255eb64c24f945e615ea0Brian Wellington<p>will deny all access to the <code>/www</code> directory
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington because the default access state will be set to
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington<p>The <code class="directive">Order</code> directive controls the order of access
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington directive processing only within each phase of the server's
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington configuration processing. This implies, for example, that an
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington <code class="directive"><a href="#allow" class="directive">Allow</a></code> or <code class="directive"><a href="#deny" class="directive">Deny</a></code> directive occurring in a
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington <code class="directive"><a href="core.html#<location>" class="directive"><Location></a></code> section will
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews always be evaluated after an <code class="directive"><a href="#allow" class="directive">Allow</a></code> or <code class="directive"><a href="#deny" class="directive">Deny</a></code> directive occurring in a
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews <code class="directive"><a href="core.html#<directory>" class="directive"><Directory></a></code> section or
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington <code>.htaccess</code> file, regardless of the setting of the
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington <code class="directive">Order</code> directive. For details on the merging
73a691c373488e4f70387a62462cd8ce0d991705David Lawrence of configuration sections, see the documentation on <a href="/sections.html">How Directory, Location and Files sections
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews<h3 align="center">Apache HTTP Server Version 2.0</h3>
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews<a href="./"><img alt="Index" src="/images/index.gif"></a><a href="../"><img alt="Home" src="/images/home.gif"></a>
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews</blockquote>