<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<HTML>

<HEAD>

<TITLE>Apache module mod_access</TITLE>

</HEAD>

<BODY>

<H1>Module mod_access</h1>

This module is contained in the <code>mod_access.c</code> file, and

is compiled in by default. It provides access control based on client

hostname or IP address.

<menu>

<li><A HREF="#allow">allow</A>

<li><A HREF="#deny">deny</A>

<li><A HREF="#order">order</A>

</menu>

<hr>

<A name="allow"><h2>allow</h2></A>

<strong>Syntax:</strong> allow from <em>host host ...</em><br>

<Strong>Context:</strong> directory, .htaccess<br>

<Strong>Override:</strong> Limit<br>

<strong>Status:</strong> Base<br>

<strong>Module:</strong> mod_access<p>

The allow directive affects which hosts can access a given directory; it is

typically used within a <A HREF="core.html#limit">&lt;Limit&gt;</A> section.

<em>Host</em> is one of the following:

<dl>

<dt><code>all</code>

<dd>all hosts are allowed access

<dt>A (partial) domain-name

<dd>host whose name is, or ends in, this string are allowed access.

<dt>A full IP address

<dd>An IP address of a host allowed access

<dt>A partial IP address

<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.

</dl>

Example:<blockquote><code>allow from .ncsa.uiuc.edu</code></blockquote>

All hosts in the specified domain are allowed access.<p>

Note that this compares whole components; <code>bar.edu</code>

would not match <code>foobar.edu</code>.<p>

See also <A HREF="#deny">deny</A> and <A HREF="#order">order</A>.<p><hr>

<A name="deny"><h2>deny</h2></A>

<strong>Syntax:</strong> deny from <em>host host ...</em><br>

<Strong>Context:</strong> directory, .htaccess<br>

<Strong>Override:</strong> Limit<br>

<strong>Status:</strong> Base<br>

<strong>Module:</strong> mod_access<p>

The deny directive affects which hosts can access a given directory; it is

typically used within a <A HREF="core.html#limit">&lt;Limit&gt;</A> section.

<em>Host</em> is one of the following:

<dl>

<dt><code>all</code>

<dd>all hosts are denied access

<dt>A (partial) domain-name

<dd>host whose name is, or ends in, this string are denied access.

<dt>A full IP address

<dd>An IP address of a host denied access

<dt>A partial IP address

<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.

</dl>

Example:<blockquote><code>deny from 16</code></blockquote>

All hosts in the specified network are denied access.<p>

Note that this compares whole components; <code>bar.edu</code>

would not match <code>foobar.edu</code>.<p>

See also <A HREF="#allow">allow</A> and <A HREF="#order">order</A>.<p><hr>

<A name="order"><h2>order</h2></A>

<strong>Syntax:</strong> order <em>ordering</em><br>

<strong>Default:</strong> <code>order deny,allow</code><br>

<strong>Context:</strong> directory, .htaccess<br>

<strong>Override:</strong> Limit<br>

<strong>Status:</strong> Base<br>

<strong>Module:</strong> mod_access<p>

The order directive controls the order in which <A HREF="#allow">allow</A> and

<A HREF="#deny">deny</A> directives are evaluated. <em>Ordering</em> is one

of

<dl>

<dt>deny,allow

<dd>the deny directives are evaluated before the allow directives.

<dt>allow,deny

<dd>the allow directives are evaluated before the deny directives.

<dt>mutual-failure

<dd>Only those hosts which appear on the allow list and do not appear

on the deny list are granted access.

</dl>

Example:

<blockquote><code>

order deny,allow

deny from all

allow from .ncsa.uiuc.edu

</code></blockquote>

Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are

denied access.

</BODY>

</HTML>