1
<?xml version="1.0" encoding="ISO-8859-1"?>
2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5
This file is generated from xml source: DO NOT EDIT
6
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8
<title>Access Control - Apache HTTP Server</title>
9
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
12
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
13
<body id="manual-page"><div id="page-header">
14
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
15
<p class="apache">Apache HTTP Server Version 2.2</p>
16
<img alt="" src="../images/feather.gif" /></div>
17
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
19
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.2</a> > <a href="./">How-To / Tutorials</a></div><div id="page-content"><div id="preamble"><h1>Access Control</h1>
21
<p><span>Available Languages: </span><a href="../en/howto/access.html" title="English"> en </a></p>
24
<p>Access control refers to any means of controlling access to any
25
resource. This is separate from <a href="auth.html">authentication and authorization</a>.</p>
27
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#related">Related Modules and Directives</a></li>
28
<li><img alt="" src="../images/down.gif" /> <a href="#host">Access control by host</a></li>
29
<li><img alt="" src="../images/down.gif" /> <a href="#env">Access control by environment variable</a></li>
30
<li><img alt="" src="../images/down.gif" /> <a href="#rewrite">Access control with mod_rewrite</a></li>
31
<li><img alt="" src="../images/down.gif" /> <a href="#moreinformation">More information</a></li>
33
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
35
<h2><a name="related" id="related">Related Modules and Directives</a></h2>
37
<p>Access control can be done by several different modules. The most
38
important of these is <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>. Other modules
39
discussed in this document include <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> and
40
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
42
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
44
<h2><a name="host" id="host">Access control by host</a></h2>
46
If you wish to restrict access to portions of your site based on the
47
host address of your visitors, this is most easily done using
48
<code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.
51
<p>The <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> and
52
<code class="directive"><a href="../mod/mod_authz_host.html#deny">Deny</a></code> directives let
53
you allow and deny access based on the host name, or host
54
address, of the machine requesting a document. The
55
<code class="directive"><a href="../mod/mod_authz_host.html#order">Order</a></code> directive goes
56
hand-in-hand with these two, and tells Apache in which order to
57
apply the filters.</p>
59
<p>The usage of these directives is:</p>
61
<div class="example"><p><code>
62
Allow from <var>address</var>
65
<p>where <var>address</var> is an IP address (or a partial IP
66
address) or a fully qualified domain name (or a partial domain
67
name); you may provide multiple addresses or domain names, if
70
<p>For example, if you have someone spamming your message
71
board, and you want to keep them out, you could do the
74
<div class="example"><p><code>
75
Deny from 10.252.46.165
78
<p>Visitors coming from that address will not be able to see
79
the content covered by this directive. If, instead, you have a
80
machine name, rather than an IP address, you can use that.</p>
82
<div class="example"><p><code>
83
Deny from <var>host.example.com</var>
86
<p>And, if you'd like to block access from an entire domain,
87
you can specify just part of an address or domain name:</p>
89
<div class="example"><p><code>
90
Deny from <var>192.168.205</var><br />
91
Deny from <var>phishers.example.com</var> <var>moreidiots.example</var><br />
95
<p>Using <code class="directive"><a href="../mod/mod_authz_host.html#order">Order</a></code> will let you
96
be sure that you are actually restricting things to the group that you want
97
to let in, by combining a <code class="directive"><a href="../mod/mod_authz_host.html#deny">Deny</a></code> and an <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> directive:</p>
99
<div class="example"><p><code>
100
Order deny,allow<br />
102
Allow from <var>dev.example.com</var>
105
<p>Listing just the <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code>
106
directive would not do what you want, because it will let folks from that
107
host in, in addition to letting everyone in. What you want is to let
108
<em>only</em> those folks in.</p>
109
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
110
<div class="section">
111
<h2><a name="env" id="env">Access control by environment variable</a></h2>
114
<code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, in conjunction with
115
<code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>, can be used to restrict access to
116
your website based on the value of arbitrary environment variables.
117
This is done with the <code>Allow from env=</code> and <code>Deny
118
from env=</code> syntax.
121
<div class="example"><p><code>
122
SetEnvIf User-Agent BadBot GoAway=1<br />
123
Order allow,deny<br />
128
<div class="note"><h3>Warning:</h3>
129
<p>Access control by <code>User-Agent</code> is an unreliable technique,
130
since the <code>User-Agent</code> header can be set to anything at all,
131
at the whim of the end user.</p>
135
In the above example, the environment variable <code>GoAway</code>
136
is set to <code>1</code> if the <code>User-Agent</code> matches the
137
string <code>BadBot</code>. Then we deny access for any request when
138
this variable is set. This blocks that particular user agent from
142
<p>An environment variable test can be negated using the <code>=!</code>
145
<div class="example"><p>
146
Allow from env=!GoAway
149
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
150
<div class="section">
151
<h2><a name="rewrite" id="rewrite">Access control with mod_rewrite</a></h2>
153
<p>The <code>[F]</code> <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> flag causes a 403 Forbidden
154
response to be sent. Using this, you can deny access to a resource based
155
on arbitrary criteria.</p>
157
<p>For example, if you wish to block access to a resource between 8pm
158
and 6am, you can do this using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
160
<div class="example"><p><code>
161
RewriteEngine On<br />
162
RewriteCond %{TIME_HOUR} > 20 [OR]<br />
163
RewriteCond %{TIME_HOUR} < 07<br />
164
RewriteRule ^/fridge - [F]
167
<p>This will return a 403 Forbidden response for any request after 8pm
168
or before 7am. This technique can be used for any criteria that you wish
169
to check. You can also redirect, or otherwise rewrite these requests, if
170
that approach is preferred.</p>
172
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
173
<div class="section">
174
<h2><a name="moreinformation" id="moreinformation">More information</a></h2>
175
<p>You should also read the documentation for
176
<code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> and <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> which
177
contain some more information about how this all works.
178
<code class="module"><a href="../mod/mod_authn_alias.html">mod_authn_alias</a></code> can also help in simplifying certain
179
authentication configurations.</p>
181
<p>See the <a href="auth.html">Authentication and Authorization</a>
184
<div class="bottomlang">
185
<p><span>Available Languages: </span><a href="../en/howto/access.html" title="English"> en </a></p>
186
</div><div id="footer">
187
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
188
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
b'\\ No newline at end of file'