mod_authz_host.html.en revision f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>mod_authz_host - Apache HTTP Server</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<body>
<div id="page-header">
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.3</p>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_authz_host</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="/en/mod/mod_authz_host.html" title="English"> en </a> |
<a href="/fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
address)</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authz_host_module</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
<h3>Summary</h3>
<p>The authorization providers implemented by <code class="module"><a href="/mod/mod_authz_host.html">mod_authz_host</a></code> are
registered using the <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
directive. The directive can be referenced within a
</code> files to control access to particular parts of the server.
Access can be controlled based on the client hostname or IP address.</p>
<p>In general, access restriction directives apply to all
access methods (<code>GET</code>, <code>PUT</code>,
<code>POST</code>, etc). This is the desired behavior in most
cases. However, it is possible to restrict some methods, while
leaving other methods unrestricted, by enclosing the directives
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<p>This module provides no
directives.</p>
<h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="/images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
</ul><h3>See also</h3>
<ul class="seealso">
and Access Control</a></li>
</ul></div>
<div class="section">
<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
directive is used during the authorization phase to ensure that a user is allowed or
denied access to a resource. mod_authz_host extends the
authorization types with <code>ip</code> and <code>host</code>.
Other authorization types may also be
used but may require that additional authorization modules be loaded.</p>
<p>These authorization providers affect which hosts can
access an area of the server. Access can be controlled by
hostname, IP Address, or IP Address range.</p>
<h3><a name="reqip" id="reqip">Require ip</a></h3>
<p>The <code>ip</code> provider allows access to the server
to be controlled based on the IP address of the remote client.
When <code>Require ip <var>ip-address</var></code> is specified,
then the request is allowed access if the IP address matches.</p>
<p>A full IP address:</p>
<div class="example"><p><code>
Require ip 10.1.2.3<br />
Require ip 192.168.1.104 192.168.1.205
</code></p></div>
<p>An IP address of a host allowed access</p>
<p>A partial IP address:</p>
<div class="example"><p><code>
Require ip 10.1<br />
Require ip 10 172.20 192.168.2
</code></p></div>
<p>The first 1 to 3 bytes of an IP address, for subnet
restriction.</p>
<div class="example"><p><code>
Require ip 10.1.0.0/255.255.0.0
</code></p></div>
fine-grained subnet restriction.</p>
<div class="example"><p><code>
</code></p></div>
<p>Similar to the previous case, except the netmask consists of
nnn high-order 1 bits.</p>
<p>Note that the last three examples above match exactly the
same set of hosts.</p>
<p>IPv6 addresses and IPv6 subnets can be specified as shown
below:</p>
<div class="example"><p><code>
Require ip 2001:db8::a00:20ff:fea7:ccea<br />
</code></p></div>
<h3><a name="reqhost" id="reqhost">Require host</a></h3>
<p>The <code>host</code> provider allows access to the server
to be controlled based on the host name of the remote client.
When <code>Require host <var>host-name</var></code> is specified,
then the request is allowed access if the host name matches.</p>
<p>A (partial) domain-name</p>
<div class="example"><p><code>
Require host example.org<br />
Require host .net example.edu
</code></p></div>
<p>Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
Apache to perform a double reverse DNS lookup on the client IP
address, regardless of the setting of the <code class="directive"><a href="/mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do
a reverse DNS lookup on the IP address to find the associated
hostname, and then do a forward lookup on the hostname to assure
that it matches the original IP address. Only if the forward
and reverse DNS are consistent and the hostname matches will
access be allowed.</p>
<h3><a name="reqlocal" id="reqlocal">Require local</a></h3>
<p>The <code>local</code> provider allows access to the server if any
of the following conditions is true:</p>
<ul>
<li>the client address matches 127.0.0.0/8</li>
<li>the client address is ::1</li>
<li>both the client and the server address of the connection are
the same</li>
</ul>
<p>This allows a convenient way to match connections that originate from
the local host:</p>
<div class="example"><p><code>
Require local
</code></p></div>
</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="/en/mod/mod_authz_host.html" title="English"> en </a> |
<a href="/fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
</div><div id="footer">
<p class="apache">Copyright 2011 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div>
</body></html>