mod_authz_host.html.en revision 96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz This file is generated from xml source: DO NOT EDIT
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc<title>mod_authz_host - Apache HTTP Server Version 2.5</title>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
2e545ce2450a9953665f701bb05350f0d3f26275nd<script src="/style/scripts/prettify.min.js" type="text/javascript">
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
0066eddda7203f6345b56f77d146a759298dc635gryzor<p><span>Available Languages: </span><a href="/en/mod/mod_authz_host.html" title="English"> en </a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authz_host_module</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authz_host.c</td></tr>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The authorization providers implemented by <code class="module"><a href="/mod/mod_authz_host.html">mod_authz_host</a></code> are
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier registered using the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf directive. The directive can be referenced within a
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <code class="directive"><a href="/mod/core.html#directory">&lt;Directory&gt;</a></code>,
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf <code class="directive"><a href="/mod/core.html#files">&lt;Files&gt;</a></code>,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin or <code class="directive"><a href="/mod/core.html#location">&lt;Location&gt;</a></code> section
cb3a1082aec4b3b4f4ed238c93c3cc54933a7f0end as well as <code><a href="core.html#accessfilename">.htaccess</a>
cb3a1082aec4b3b4f4ed238c93c3cc54933a7f0end </code> files to control access to particular parts of the server.
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf Access can be controlled based on the client hostname or IP address.</p>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz <p>In general, access restriction directives apply to all
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz access methods (<code>GET</code>, <code>PUT</code>,
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz <code>POST</code>, etc). This is the desired behavior in most
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz cases. However, it is possible to restrict some methods, while
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz leaving other methods unrestricted, by enclosing the directives
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz in a <code class="directive"><a href="/mod/core.html#limit">&lt;Limit&gt;</a></code> section.</p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div id="quickview"><h3 class="directives">Directives</h3>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<p>This module provides no
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin directives.</p>
35ff2d06df95b9593ee312dfff883c76f3b97798noodl<li><img alt="" src="/images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<li><a href="/howto/auth.html">Authentication, Authorization,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh</ul></div>
35ff2d06df95b9593ee312dfff883c76f3b97798noodl<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf <p>Apache's <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
3267af3f6fbf9743e64a9f019c745317f18cd9f7poirier directive is used during the authorization phase to ensure that a user is allowed or
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf denied access to a resource. mod_authz_host extends the
d8c20b2218b1aff46358f67ae5e9c66a67982efbminfrin authorization types with <code>ip</code>, <code>host</code> and <code>local</code>.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf Other authorization types may also be
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin used but may require that additional authorization modules be loaded.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>These authorization providers affect which hosts can
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz access an area of the server. Access can be controlled by
f8b7daeb0e3f0ac4544fcc665de10c6b69a1ce0dsf hostname, IP address, or IP address range.</p>
d0091d79795017b8432ca178745dbcfb7970cd5ctrawick <p>Since v2.4.8, <a href="/expr.html">expressions</a> are supported
d8c20b2218b1aff46358f67ae5e9c66a67982efbminfrin within the host require directives.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The <code>ip</code> provider allows access to the server
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf to be controlled based on the IP address of the remote client.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf When <code>Require ip <var>ip-address</var></code> is specified,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin then the request is allowed access if the IP address matches.</p>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config">Require ip 192.168.1.104 192.168.1.205</pre>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config">Require ip 10 172.20 192.168.2</pre>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The first 1 to 3 bytes of an IP address, for subnet
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin restriction.</p>
20f499565e77defe9dab24dd85c02f38a1175855nd <pre class="prettyprint lang-config">Require ip 10.1.0.0/255.255.0.0</pre>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>A network a.b.c.d, and a netmask w.x.y.z. For more
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin fine-grained subnet restriction.</p>
20f499565e77defe9dab24dd85c02f38a1175855nd <pre class="prettyprint lang-config">Require ip 10.1.0.0/16</pre>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Similar to the previous case, except the netmask consists of
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin nnn high-order 1 bits.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Note that the last three examples above match exactly the
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin same set of hosts.</p>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>IPv6 addresses and IPv6 subnets can be specified as shown below:</p>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config">Require ip 2001:db8::a00:20ff:fea7:ccea</pre>
d8c20b2218b1aff46358f67ae5e9c66a67982efbminfrin <p>Note: As the IP addresses are parsed on startup, expressions are
d8c20b2218b1aff46358f67ae5e9c66a67982efbminfrin not evaluated at request time.</p>
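<p>The argument forms described above, normalized to networks and matched against a client address. This is an added example, not code from the Apache project; the function names are hypothetical and the partial form <code>10.1</code> is a constructed input.</p>

```python
import ipaddress

def parse_require_ip(arg):
    """Normalize one `Require ip` argument to an ip_network."""
    if ":" not in arg and "/" not in arg:
        # IPv4 address, or a partial one: the first 1 to 3 bytes select a
        # /8, /16 or /24; all four bytes select a single host (/32).
        octets = arg.split(".")
        if not 1 <= len(octets) <= 4 or not all(
                o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError(f"not an IPv4 address or prefix: {arg!r}")
        prefix_len = 8 * len(octets)
        octets += ["0"] * (4 - len(octets))
        arg = f"{'.'.join(octets)}/{prefix_len}"
    # Remaining forms: a.b.c.d/w.x.y.z, a.b.c.d/nnn, IPv6 address or subnet.
    # strict=False masks off host bits instead of rejecting the argument
    # (a choice made for this sketch).
    return ipaddress.ip_network(arg, strict=False)

def require_ip(args, client_ip):
    """True if client_ip falls inside any argument of one Require ip line."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net
               for net in map(parse_require_ip, args.split()))

# Constructed inputs. "10.1" is an assumed partial-address form; the other
# two are the netmask and prefix-length examples from the page.
EQUIVALENT_FORMS = ["10.1", "10.1.0.0/255.255.0.0", "10.1.0.0/16"]

def normalized(forms):
    """Set of distinct networks that a list of arguments expands to."""
    return {str(parse_require_ip(f)) for f in forms}

if __name__ == "__main__":
    print(normalized(EQUIVALENT_FORMS))
    for arg in "10 172.20 192.168.2".split():
        net = parse_require_ip(arg)
        print(f"{arg:>10} -> {net} ({net.num_addresses} addresses)")
    print(require_ip("10 172.20 192.168.2", "172.20.31.7"))
    print(require_ip("10 172.20 192.168.2", "172.21.0.1"))
```

<p>Printing the expanded network and its address count for each argument makes it easy to spot a short prefix such as <code>10</code> that admits far more hosts than intended.</p>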
a7a43799fed7fcdeaa70584dbd3ecd130b25deb3noodl<h3><a name="reqhost" id="reqhost">Require host</a></h3>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>The <code>host</code> provider allows access to the server
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf to be controlled based on the host name of the remote client.
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf When <code>Require host <var>host-name</var></code> is specified,
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin then the request is allowed access if the host name matches.</p>
4aa603e6448b99f9371397d439795c91a93637eand <pre class="prettyprint lang-config">Require host example.org</pre>
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin <p>Hosts whose names match, or end in, this string are allowed
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin access. Only complete components are matched, so the above
9a367ec3d570bcbaf8923dad66cb3b1532963964trawick example will match <code>foo.example.org</code> but it will not
9a367ec3d570bcbaf8923dad66cb3b1532963964trawick match <code>fooexample.org</code>. This configuration will cause
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin Apache to perform a double reverse DNS lookup on the client IP
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin address, regardless of the setting of the <code class="directive"><a href="/mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin a reverse DNS lookup on the IP address to find the associated
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin hostname, and then do a forward lookup on the hostname to assure
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin that it matches the original IP address. Only if the forward
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin and reverse DNS are consistent and the hostname matches will
8951c7d73bfa2ae5a2c8fe5bd27f3e677be02564noirin access be allowed.</p>
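<p>The check order described above (reverse lookup, forward confirmation, whole-component name match) as an added example that is not Apache's own code. The function names are hypothetical, and the two dictionaries are constructed stand-ins for DNS, using documentation address ranges, so the example runs offline.</p>

```python
def host_matches(pattern, hostname):
    """Whole-component suffix match, case-insensitive."""
    pattern = pattern.lower().strip(".")
    hostname = hostname.lower().rstrip(".")
    return hostname == pattern or hostname.endswith("." + pattern)

def require_host(pattern, client_ip, reverse, forward):
    """Return (allowed, detail) for one Require host argument.

    reverse maps an IP to its PTR name; forward maps a name to its
    addresses. The PTR answer comes from the reverse zone of the client's
    own address block, so it is only trusted once the forward lookup of
    that name returns the same IP.
    """
    name = reverse.get(client_ip)                    # reverse lookup
    if name is None:
        return False, "no PTR record"
    if client_ip not in forward.get(name, []):       # forward confirmation
        return False, f"{name} does not resolve to {client_ip}"
    if not host_matches(pattern, name):              # name match
        return False, f"{name} is not within {pattern}"
    return True, name

# Constructed DNS data (RFC 5737 documentation addresses).
REVERSE = {
    "192.0.2.10": "foo.example.org",    # consistent forward and reverse
    "198.51.100.7": "www.example.org",  # PTR claims a name it does not own
    "203.0.113.5": "fooexample.org",    # consistent, but a different domain
}
FORWARD = {
    "foo.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.80"],
    "fooexample.org": ["203.0.113.5"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.99"):
        print(ip, require_host("example.org", ip, REVERSE, FORWARD))
```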
1b390add6886fb1c0acdea82be0ef0920f1158casf<h3><a name="reqlocal" id="reqlocal">Require local</a></h3>
1b390add6886fb1c0acdea82be0ef0920f1158casf <p>The <code>local</code> provider allows access to the server if any
1b390add6886fb1c0acdea82be0ef0920f1158casf of the following conditions is true:</p>
1b390add6886fb1c0acdea82be0ef0920f1158casf <ul><li>both the client and the server address of the connection are
1b390add6886fb1c0acdea82be0ef0920f1158casf the same</li></ul>
1b390add6886fb1c0acdea82be0ef0920f1158casf <p>This provides a convenient way to match connections that originate from
1b390add6886fb1c0acdea82be0ef0920f1158casf the local host.</p>
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen <p>If you are proxying content to your server, you need to be aware
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen that the client address will be the address of your proxy server,
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen not the address of the client, and so using the <code>Require</code>
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen directive in this context may not do what you mean. See
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen <code class="module"><a href="/mod/mod_remoteip.html">mod_remoteip</a></code> for one possible solution to this
5f9231b22f11ab2ba17c96400438fd1244087efdrbowen problem.</p>
ccb709596bad11241fad96d128bbaae408ad78a7rbowen</div><div class="section">
07dc96d063d49299da433f84b5c5681da9bbdf68rbowen<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen</div>