mod_authz_host

Overview

mod_authz_host module is used to control access based on client host data (host name, IP address) and request characteristics (environment variables).

Quick start

Sample mod_authz_host .htaccess configuration which allows access from intranet and POST-only request from specified remote host 

# deny access by default
Order Allow,Deny

# allow all requests from local network
Allow from 192.168.0.0/16

# POST-requests
<Limit POST>
# allow from remote host
Allow from 74.75.76.77
</Limit>

Related articles and topics

Directives

Name Context Description
Allow S V D .h controls which hosts can access an area of the server
Deny S V D .h controls which hosts are denied access to the server
Order S V D .h controls the default access state and the order in which Allow and Deny are evaluated

Allow

Allow directive defines which hosts can access particular part of the server. Access can be controlled by hostname, IP Address, IP Address range or by other client request characteristics stored in environment variables.

The first argument of this directive is always from . Subsequent arguments may differ.

Syntax 

Allow from all|host|env=env-variable [host|env=env-variable] [...]

Example 

# allow all clients from .org zone
Allow from .org
# allow from 192.168 subnet
Allow from 192.168
# or
Allow from 192.168.0.0/16
# or
Allow from 192.168.0.0/255.255.0.0
# allow from this IPv6 address
Allow from 2001:db8::a00:20ff:fea7:ccea

Deny

Deny directive restricts access to the server based on hostname, IP address, or environment variables. Deny directive arguments are the same as for Allow directive.

Syntax 

Deny from all|host|env=env-variable [host|env=env-variable] [...]

Order

Order directive controls order of Allow and Deny directives processing.

Syntax 

Order [Deny,Allow | Allow,Deny]

Default 

Order Deny,Allow

Ordering may be one of the following:

  • Deny,Allow Deny directives are evaluated before the Allow directives. Access is allowed by default. If the client does not match Deny directive or does match Allow directive, he will be allowed access to the server.
  • Allow,Deny Allow directives are evaluated before the Deny directives. Access is denied by default. If the client does not match Allow directive or does match Deny directive, he will be denied access to the server.

Note! Keywords must be separated by comma; no spaces are allowed between them.

Examples

In the following example access is denied for all hosts except those on domain.com : 

Order Deny,Allow
Deny from all
Allow from domain.com

In the next example, all hosts in the domain.com domain are allowed access, except hosts in foo.domain.com subdomain, which are denied access. All hosts not in domain.com domain are denied access because access is denied by default. 

Order Allow,Deny
Allow from domain.com
Deny from foo.domain.com

Order directive can affect access to the part of the server even in the absence of Allow and Deny directives as it also defines default access state. In the example below access will be denied to /dir directory because the default access state is set to deny . 

<Directory /dir>
	Order Allow,Deny
</Directory>