mod_authz_host.html.en revision 1b390add6886fb1c0acdea82be0ef0920f1158ca
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz This file is generated from xml source: DO NOT EDIT
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
52fff662005b1866a3ff09bb6c902800c5cc6dedjerenkrantz<p class="apache">Apache HTTP Server Version 2.3</p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
4b5981e276e93df97c34e4da05ca5cf8bbd937dand<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Modules</a></div>
0066eddda7203f6345b56f77d146a759298dc635gryzor<p><span>Available Languages: </span><a href="/en/mod/mod_authz_host.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_host_module</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authz_host.c</td></tr>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The authorization providers implemented by <code class="module"><a href="/mod/mod_authz_host.html">mod_authz_host</a></code> are
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier registered using the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier directive. The directive can be referenced within a
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <code class="directive"><a href="/mod/core.html#directory"><Directory></a></code>,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <code class="directive"><a href="/mod/core.html#files"><Files></a></code>,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin or <code class="directive"><a href="/mod/core.html#location"><Location></a></code> section
cb3a1082aec4b3b4f4ed238c93c3cc54933a7f0end as well as <code><a href="core.html#accessfilename">.htaccess</a>
cb3a1082aec4b3b4f4ed238c93c3cc54933a7f0end </code> files to control access to particular parts of the server.
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf Access can be controlled based on the client hostname or IP address.</p>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz <p>In general, access restriction directives apply to all
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz access methods (<code>GET</code>, <code>PUT</code>,
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz <code>POST</code>, etc). This is the desired behavior in most
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz cases. However, it is possible to restrict some methods, while
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz leaving other methods unrestricted, by enclosing the directives
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz in a <code class="directive"><a href="/mod/core.html#limit"><Limit></a></code> section.</p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div id="quickview"><h3 class="directives">Directives</h3>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<p>This module provides no
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin directives.</p>
35ff2d06df95b9593ee312dfff883c76f3b97798noodl<li><img alt="" src="/images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<li><a href="/howto/auth.html">Authentication, Authorization,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
35ff2d06df95b9593ee312dfff883c76f3b97798noodl<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier <p>Apache's <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier directive is used during the authorization phase to ensure that a user is allowed or
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin denied access to a resource. mod_authz_host extends the
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf authorization types with <code>ip</code> and <code>host</code>.
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf Other authorization types may also be
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin used but may require that additional authorization modules be loaded.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>These authorization providers affect which hosts can
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz access an area of the server. Access can be controlled by
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf hostname, IP Address, or IP Address range.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The <code>ip</code> provider allows access to the server
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin to be controlled based on the IP address of the remote client.
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin When <code>Require ip <var>ip-address</var></code> is specified,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin then the request is allowed access if the IP address matches.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require ip 10.1.2.3<br />
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require ip 192.168.1.104 192.168.1.205
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require ip 10.1<br />
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require ip 10 172.20 192.168.2
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The first 1 to 3 bytes of an IP address, for subnet
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin restriction.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>A network a.b.c.d, and a netmask w.x.y.z. For more
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin fine-grained subnet restriction.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Similar to the previous case, except the netmask consists of
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin nnn high-order 1 bits.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Note that the last three examples above match exactly the
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin same set of hosts.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>IPv6 addresses and IPv6 subnets can be specified as shown
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require ip 2001:db8::a00:20ff:fea7:ccea<br />
a7a43799fed7fcdeaa70584dbd3ecd130b25deb3noodl<h3><a name="reqhost" id="reqhost">Require host</a></h3>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The <code>host</code> provider allows access to the server
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin to be controlled based on the host name of the remote client.
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin When <code>Require host <var>host-name</var></code> is specified,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin then the request is allowed access if the host name matches.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Require host .net example.edu
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Hosts whose names match, or end in, this string are allowed
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin access. Only complete components are matched, so the above
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin example will match <code>foo.apache.org</code> but it will not
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin match <code>fooapache.org</code>. This configuration will cause
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Apache to perform a double reverse DNS lookup on the client IP
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin address, regardless of the setting of the <code class="directive"><a href="/mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin a reverse DNS lookup on the IP address to find the associated
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin hostname, and then do a forward lookup on the hostname to assure
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin that it matches the original IP address. Only if the forward
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin and reverse DNS are consistent and the hostname matches will
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin access be allowed.</p>
1b390add6886fb1c0acdea82be0ef0920f1158casf<h3><a name="reqlocal" id="reqlocal">Require local</a></h3>
1b390add6886fb1c0acdea82be0ef0920f1158casf <p>The <code>local</code> provider allows access to the server if any
1b390add6886fb1c0acdea82be0ef0920f1158casf of the following conditions is true:</p>
1b390add6886fb1c0acdea82be0ef0920f1158casf <li>both the client and the server address of the connection are
1b390add6886fb1c0acdea82be0ef0920f1158casf the same</li>
1b390add6886fb1c0acdea82be0ef0920f1158casf <p>This allows a convenient way to match connections that originate from
1b390add6886fb1c0acdea82be0ef0920f1158casf the local host:</p>
1b390add6886fb1c0acdea82be0ef0920f1158casf Require local
0066eddda7203f6345b56f77d146a759298dc635gryzor<p><span>Available Languages: </span><a href="/en/mod/mod_authz_host.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
50039065d571fe01fd458a3f031c995a1fd53c22rbowen<p class="apache">Copyright 2010 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div>