mod_access_compat.xml revision 22d5d84393d960a2027f472036f3fee15d7dbce9
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Copyright 2002-2005 The Apache Software Foundation or its licensors, as
 applicable.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<modulesynopsis metafile="mod_access_compat.xml.meta">

<name>mod_access_compat</name>
<description>Group authorizations based on host (name or IP
address)</description>
<status>Extension</status>
<sourcefile>mod_access_compat.c</sourcefile>
<identifier>access_compat_module</identifier>
<compatibility>Available in Apache 2.3 as a compatibility module with
previous versions of Apache 2.x. The directives provided by this module
have been deprecated by the new authz refactoring. Please see
<module>mod_authz_host</module></compatibility>

<summary>
 <p>The directives provided by <module>mod_access_compat</module> are
 used in <directive module="core" type="section">Directory</directive>,
 <directive module="core" type="section">Files</directive>, and
 <directive module="core" type="section">Location</directive> sections
 as well as <code><a href="core.html#accessfilename">.htaccess</a>
 </code> files to control access to particular parts of the server.
 Access can be controlled based on the client hostname, IP address, or
 other characteristics of the client request, as captured in <a
 href="/env.html">environment variables</a>. The <directive
 module="mod_access_compat">Allow</directive> and <directive
 module="mod_access_compat">Deny</directive> directives are used to
 specify which clients are or are not allowed access to the server,
 while the <directive module="mod_access_compat">Order</directive>
 directive sets the default access state, and configures how the
 <directive module="mod_access_compat">Allow</directive> and <directive
 module="mod_access_compat">Deny</directive> directives interact with each
 other.</p>

 <p>Both host-based access restrictions and password-based
 authentication may be implemented simultaneously. In that case,
 the <directive module="core">Satisfy</directive> directive is used
 to determine how the two sets of restrictions interact.</p>

 <note type="warning"><title>Note</title>
 <p>The directives provided by <module>mod_access_compat</module> have
 been deprecated by the new authz refactoring. Please see
 <module>mod_authz_host</module>. The module
 <module>mod_authz_default</module> must also be loaded to provide for
 default authorization handling.</p>
 </note>

 <p>In general, access restriction directives apply to all
 access methods (<code>GET</code>, <code>PUT</code>,
 <code>POST</code>, etc.). This is the desired behavior in most
 cases. However, it is possible to restrict some methods, while
 leaving other methods unrestricted, by enclosing the directives
 in a <directive module="core" type="section">Limit</directive> section.</p>
</summary>

<seealso><directive module="mod_authz_core">Require</directive></seealso>
<seealso><module>mod_authz_host</module></seealso>
<seealso><module>mod_authz_core</module></seealso>

<directivesynopsis>
<name>Allow</name>
<description>Controls which hosts can access an area of the
server</description>
<syntax> Allow from all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>

<usage>
 <p>The <directive>Allow</directive> directive affects which hosts can
 access an area of the server. Access can be controlled by
 hostname, IP Address, IP Address range, or by other
 characteristics of the client request captured in environment
 variables.</p>

 <p>The first argument to this directive is always
 <code>from</code>. The subsequent arguments can take three
 different forms. If <code>Allow from all</code> is specified, then
 all hosts are allowed access, subject to the configuration of the
 <directive module="mod_access_compat">Deny</directive> and <directive
 module="mod_access_compat">Order</directive> directives as discussed
 below. To allow only particular hosts or groups of hosts to access
 the server, the <em>host</em> can be specified in any of the
 following formats:</p>

 <dl>
 <dt>A (partial) domain-name</dt>

 <dd>
 <example><title>Example:</title>
 Allow from apache.org<br />
 Allow from .net example.edu
 </example>
 <p>Hosts whose names match, or end in, this string are allowed
 access. Only complete components are matched, so the above
 example will match <code>foo.apache.org</code> but it will not
 match <code>fooapache.org</code>. This configuration will cause
 Apache to perform a double reverse DNS lookup on the client IP
 address, regardless of the setting of the <directive
 module="core">HostnameLookups</directive> directive. It will do
 a reverse DNS lookup on the IP address to find the associated
 hostname, and then do a forward lookup on the hostname to ensure
 that it matches the original IP address. Only if the forward
 and reverse DNS are consistent and the hostname matches will
 access be allowed.</p></dd>

 <dt>A full IP address</dt>

 <dd>
 <example><title>Example:</title>
 Allow from 10.1.2.3<br />
 Allow from 192.168.1.104 192.168.1.205
 </example>
 <p>An IP address of a host allowed access.</p></dd>

 <dt>A partial IP address</dt>

 <dd>
 <example><title>Example:</title>
 Allow from 10.1<br />
 Allow from 10 172.20 192.168.2
 </example>
 <p>The first 1 to 3 bytes of an IP address, for subnet
 restriction.</p></dd>

 <dt>A network/netmask pair</dt>

 <dd>
 <example><title>Example:</title>
 Allow from 10.1.0.0/255.255.0.0
 </example>
 <p>A network a.b.c.d and a netmask w.x.y.z, for more
 fine-grained subnet restriction.</p></dd>

 <dt>A network/nnn CIDR specification</dt>

 <dd>
 <example><title>Example:</title>
 Allow from 10.1.0.0/16
 </example>
 <p>Similar to the previous case, except the netmask consists of
 nnn high-order 1 bits.</p></dd>
 </dl>

 <p>Note that the last three examples above match exactly the
 same set of hosts.</p>

 <p>IPv6 addresses and IPv6 subnets can be specified as shown
 below:</p>

 <example>
 Allow from 2001:db8::a00:20ff:fea7:ccea<br />
 Allow from 2001:db8::a00:20ff:fea7:ccea/10
 </example>
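
 <p>The host formats above, modelled in Python as an added example (it is
 not code from <module>mod_access_compat</module>): it reduces the address
 forms to networks and applies the complete-component name match only to a
 hostname confirmed by the double reverse lookup. The function names and the
 <code>PTR</code>/<code>FWD</code> tables are constructed for the
 demonstration and stand in for real DNS answers.</p>

```python
import ipaddress

# Constructed DNS data for the demonstration (documentation address ranges).
PTR = {
    "192.0.2.10": "www.apache.org",    # forward and reverse records agree
    "203.0.113.5": "mail.apache.org",  # PTR claims the name, forward lookup disagrees
    "198.51.100.7": "fooapache.org",   # consistent DNS, but a different domain
}
FWD = {
    "www.apache.org": ["192.0.2.10"],
    "mail.apache.org": ["192.0.2.25"],
    "fooapache.org": ["198.51.100.7"],
}


def parse_ip_spec(spec):
    """Map an address argument to an ip_network; None means 'treat it as a hostname'."""
    if ":" in spec or "/" in spec:
        # IPv6 address, network/netmask pair or CIDR: ipaddress parses all of these.
        try:
            return ipaddress.ip_network(spec, strict=False)
        except ValueError:
            return None
    parts = spec.split(".")
    if len(parts) in (1, 2, 3, 4) and all(p.isdigit() for p in parts):
        # Full or partial IPv4 address: the bytes that are given form the prefix.
        padded = parts + ["0"] * (4 - len(parts))
        try:
            return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(parts)))
        except ValueError:
            return None
    return None


def name_matches(hostname, spec):
    """Complete-component match: apache.org matches foo.apache.org, not fooapache.org."""
    host = hostname.lower().rstrip(".")
    want = spec.lower().lstrip(".")
    return host == want or host.endswith("." + want)


def confirmed_hostname(client_ip, ptr, fwd):
    """Double reverse lookup: accept the PTR name only if it resolves back to client_ip."""
    name = ptr.get(client_ip)
    if name is None or client_ip not in fwd.get(name, ()):
        return None
    return name


def host_matches(client_ip, spec, ptr=PTR, fwd=FWD):
    """True if client_ip matches one host argument of Allow or Deny."""
    net = parse_ip_spec(spec)
    if net is not None:
        addr = ipaddress.ip_address(client_ip)
        return addr.version == net.version and addr in net
    name = confirmed_hostname(client_ip, ptr, fwd)
    return name is not None and name_matches(name, spec)


if __name__ == "__main__":
    for ip, spec in [("10.1.200.9", "10.1"),
                     ("10.1.200.9", "10.1.0.0/255.255.0.0"),
                     ("10.1.200.9", "10.1.0.0/16"),
                     ("192.0.2.10", "apache.org"),
                     ("203.0.113.5", "apache.org"),
                     ("198.51.100.7", "apache.org")]:
        print(ip, spec, host_matches(ip, spec))
```

 <p>The client at 203.0.113.5 is rejected although its PTR record names
 <code>mail.apache.org</code>, because the forward lookup of that name does
 not return the client address.</p>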

 <p>The third format of the arguments to the
 <directive>Allow</directive> directive allows access to the server
 to be controlled based on the existence of an <a
 href="/env.html">environment variable</a>. When <code>Allow from
 env=<var>env-variable</var></code> is specified, then the request is
 allowed access if the environment variable <var>env-variable</var>
 exists. The server provides the ability to set environment
 variables in a flexible way based on characteristics of the client
 request using the directives provided by
 <module>mod_setenvif</module>. Therefore, this directive can be
 used to allow access based on such factors as the client's
 <code>User-Agent</code> (browser type), <code>Referer</code>, or
 other HTTP request header fields.</p>

 <example><title>Example:</title>
 SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
 &lt;Directory /docroot&gt;<br />
 <indent>
 Order Deny,Allow<br />
 Deny from all<br />
 Allow from env=let_me_in<br />
 </indent>
 &lt;/Directory&gt;
 </example>

 <p>In this case, browsers with a user-agent string beginning
 with <code>KnockKnock/2.0</code> will be allowed access, and all
 others will be denied. The header is supplied by the client, so
 this selects on what a request claims and does not authenticate
 the client.</p>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>Deny</name>
<description>Controls which hosts are denied access to the
server</description>
<syntax> Deny from all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>

<usage>
 <p>This directive allows access to the server to be restricted
 based on hostname, IP address, or environment variables. The
 arguments for the <directive>Deny</directive> directive are
 identical to the arguments for the <directive
 module="mod_access_compat">Allow</directive> directive.</p>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>Order</name>
<description>Controls the default access state and the order in which
<directive>Allow</directive> and <directive>Deny</directive> are
evaluated.</description>
<syntax> Order <var>ordering</var></syntax>
<default>Order Deny,Allow</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>

<usage>
 <p>The <directive>Order</directive> directive controls the default
 access state and the order in which <directive
 module="mod_access_compat">Allow</directive> and <directive
 module="mod_access_compat">Deny</directive> directives are evaluated.
 <var>Ordering</var> is one of:</p>

 <dl>
 <dt><code>Deny,Allow</code></dt>

 <dd>The <directive module="mod_access_compat">Deny</directive> directives
 are evaluated before the <directive
 module="mod_access_compat">Allow</directive> directives. Access is
 allowed by default. Any client which does not match a
 <directive module="mod_access_compat">Deny</directive> directive or does
 match an <directive module="mod_access_compat">Allow</directive>
 directive will be allowed access to the server.</dd>

 <dt><code>Allow,Deny</code></dt>

 <dd>The <directive module="mod_access_compat">Allow</directive>
 directives are evaluated before the <directive
 module="mod_access_compat">Deny</directive> directives. Access is denied
 by default. Any client which does not match an <directive
 module="mod_access_compat">Allow</directive> directive or does match a
 <directive module="mod_access_compat">Deny</directive> directive will be
 denied access to the server.</dd>

 <dt><code>Mutual-failure</code></dt>

 <dd>Only those hosts which appear on the <directive
 module="mod_access_compat">Allow</directive> list and do not appear on
 the <directive module="mod_access_compat">Deny</directive> list are
 granted access. This ordering has the same effect as <code>Order
 Allow,Deny</code> and is deprecated in favor of that
 configuration.</dd>
 </dl>

 <p>Keywords may only be separated by a comma; <em>no whitespace</em> is
 allowed between them. Note that in all cases every <directive
 module="mod_access_compat">Allow</directive> and <directive
 module="mod_access_compat">Deny</directive> statement is evaluated.</p>

 <p>In the following example, all hosts in the apache.org domain
 are allowed access; all other hosts are denied access.</p>

 <example>
 Order Deny,Allow<br />
 Deny from all<br />
 Allow from apache.org
 </example>

 <p>In the next example, all hosts in the apache.org domain are
 allowed access, except for the hosts in the
 foo.apache.org subdomain, which are denied access. All hosts not
 in the apache.org domain are denied access because the default
 state is to deny access to the server.</p>

 <example>
 Order Allow,Deny<br />
 Allow from apache.org<br />
 Deny from foo.apache.org
 </example>

 <p>On the other hand, if the <directive>Order</directive> in the last
 example is changed to <code>Deny,Allow</code>, all hosts will
 be allowed access. This happens because, regardless of the
 actual ordering of the directives in the configuration file,
 the <code>Allow from apache.org</code> will be evaluated last
 and will override the <code>Deny from foo.apache.org</code>.
 All hosts not in the <code>apache.org</code> domain will also
 be allowed access because the default state will change to
 <em>allow</em>.</p>

 <p>The presence of an <directive>Order</directive> directive can affect
 access to a part of the server even in the absence of accompanying
 <directive module="mod_access_compat">Allow</directive> and <directive
 module="mod_access_compat">Deny</directive> directives because of its effect
 on the default access state. For example,</p>

 <example>
 &lt;Directory /www&gt;<br />
 <indent>
 Order Allow,Deny<br />
 </indent>
 &lt;/Directory&gt;
 </example>

 <p>will deny all access to the <code>/www</code> directory
 because the default access state will be set to
 <em>deny</em>.</p>

 <p>The <directive>Order</directive> directive controls the order of access
 directive processing only within each phase of the server's
 configuration processing. This implies, for example, that an
 <directive module="mod_access_compat">Allow</directive> or <directive
 module="mod_access_compat">Deny</directive> directive occurring in a
 <directive module="core" type="section">Location</directive> section will
 always be evaluated after an <directive
 module="mod_access_compat">Allow</directive> or <directive
 module="mod_access_compat">Deny</directive> directive occurring in a
 <directive module="core" type="section">Directory</directive> section or
 <code>.htaccess</code> file, regardless of the setting of the
 <directive>Order</directive> directive. For details on the merging
 of configuration sections, see the documentation on <a
 href="/sections.html">How Directory, Location and Files sections
 work</a>.</p>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>Satisfy</name>
<description>Interaction between host-level access control and
user authentication</description>
<syntax>Satisfy Any|All</syntax>
<default>Satisfy All</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<compatibility>Influenced by <directive module="core" type="section"
>Limit</directive> and <directive module="core"
type="section">LimitExcept</directive> in version 2.0.51 and
later</compatibility>

<usage>
 <p>Access policy if both <directive
 module="mod_authz_host">Allow</directive> and <directive
 module="mod_authz_core">Require</directive> are used. The parameter can be
 either <code>All</code> or <code>Any</code>. This directive is only
 useful if access to a particular area is being restricted by both
 username/password <em>and</em> client host address. In this case
 the default behavior (<code>All</code>) is to require that the client
 passes the address access restriction <em>and</em> enters a valid
 username and password. With the <code>Any</code> option the client will be
 granted access if they either pass the host restriction or enter a
 valid username and password. This can be used to password restrict
 an area, but to let clients from particular addresses in without
 prompting for a password.</p>

 <p>For example, if you wanted to let people on your network have
 unrestricted access to a portion of your website, but require that
 people outside of your network provide a password, you could use a
 configuration similar to the following:</p>

 <example>
 Require valid-user<br />
 Order Allow,Deny<br />
 Allow from 192.168.1<br />
 Satisfy Any
 </example>

 <p>Since version 2.0.51, <directive>Satisfy</directive> directives can
 be restricted to particular methods by <directive module="core"
 type="section">Limit</directive> and <directive module="core" type="section"
 >LimitExcept</directive> sections.</p>
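
 <p>The <directive module="mod_access_compat">Order</directive> rules and
 the <directive>Satisfy</directive> combination described on this page,
 written out in Python as an added example (a model of the stated rules,
 not the module's source). The section dictionaries, rule helpers and
 client records are constructed for the demonstration, and hostnames are
 assumed to be DNS-confirmed already.</p>

```python
import ipaddress


def from_all(client):
    """The 'from all' argument."""
    return True


def from_domain(domain):
    """Hostname rule with complete-component matching."""
    def rule(client):
        host = client.get("host", "")
        return host == domain or host.endswith("." + domain)
    return rule


def from_net(cidr):
    """Address rule for a network in CIDR form."""
    net = ipaddress.ip_network(cidr)
    return lambda client: ipaddress.ip_address(client["ip"]) in net


def host_access(order, allow, deny, client):
    """Every Allow and Deny rule is evaluated; Order picks the default and who wins."""
    allowed = any(rule(client) for rule in allow)
    denied = any(rule(client) for rule in deny)
    key = order.lower()
    if key == "deny,allow":
        # Default allow: an Allow match overrides a Deny match.
        return allowed or not denied
    if key in ("allow,deny", "mutual-failure"):
        # Default deny: a Deny match overrides an Allow match.
        return allowed and not denied
    raise ValueError("unknown ordering %r (comma-separated, no whitespace)" % order)


def access(section, client):
    """Combine the host check with 'Require valid-user' according to Satisfy."""
    host_ok = host_access(section.get("order", "Deny,Allow"),
                          section.get("allow", []), section.get("deny", []), client)
    if not section.get("require_valid_user", False):
        return host_ok
    user_ok = bool(client.get("valid_login", False))
    satisfy = section.get("satisfy", "All").lower()
    if satisfy == "any":
        return host_ok or user_ok
    if satisfy == "all":
        return host_ok and user_ok
    raise ValueError("Satisfy takes Any or All, got %r" % satisfy)


# The Order examples from this page.
ONLY_APACHE = {"order": "Deny,Allow", "deny": [from_all],
               "allow": [from_domain("apache.org")]}
NOT_FOO = {"order": "Allow,Deny", "allow": [from_domain("apache.org")],
           "deny": [from_domain("foo.apache.org")]}
NOT_FOO_FLIPPED = dict(NOT_FOO, order="Deny,Allow")
ORDER_ONLY = {"order": "Allow,Deny"}

# Password for outsiders, none for the local network.
LAN_OR_LOGIN = {"order": "Allow,Deny", "allow": [from_net("192.168.1.0/24")],
                "require_valid_user": True, "satisfy": "Any"}
# Same section without an Order line, so the default Deny,Allow applies.
LAN_OR_LOGIN_DEFAULT_ORDER = {k: v for k, v in LAN_OR_LOGIN.items() if k != "order"}

if __name__ == "__main__":
    outsider = {"ip": "203.0.113.9"}
    print("foo, Allow,Deny:", access(NOT_FOO, {"host": "a.foo.apache.org"}))
    print("foo, Deny,Allow:", access(NOT_FOO_FLIPPED, {"host": "a.foo.apache.org"}))
    print("outsider, explicit order:", access(LAN_OR_LOGIN, outsider))
    print("outsider, default order:", access(LAN_OR_LOGIN_DEFAULT_ORDER, outsider))
```

 <p>Under the default <code>Order Deny,Allow</code>, a section with only an
 <directive module="mod_access_compat">Allow</directive> line passes the
 host check for every client, so with <code>Satisfy Any</code> no client is
 asked for a password; <code>LAN_OR_LOGIN_DEFAULT_ORDER</code> shows
 this.</p>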
</usage>
 <seealso><directive module="mod_access_compat">Allow</directive></seealso>
 <seealso><directive module="mod_authz_core">Require</directive></seealso>
</directivesynopsis>

</modulesynopsis>