5.6. Order, Allow, and Deny
So far we have dealt with potential users on an individual basis. We can also allow access from or deny access to specific IP addresses, hostnames, or groups of addresses and hostnames. The commands are allow from and deny from.
The order in which the allow and deny commands are applied is not set by the order in which they appear in your file. The default order is deny then allow: if a client is excluded by deny, it is excluded unless it matches allow. If neither is matched, the client is granted access.
The order in which these commands is applied can be set by the order directive.
5.6.1. Allow from
allow from host host ... Directory, .htaccess
The allow directive controls access to a directory. The argument host can be one of the following:
all
-
All hosts are allowed access.
A (partial) domain name
-
All hosts whose names match or end in this string are allowed access.
A full IP address
-
The first one to three bytes of an IP address, for subnet restriction.
A network/netmask pair
-
Network a.b.c.d and netmask w.x.y.z, to give finer-grained subnet control. For instance, 10.1.0.0/255.255.0.0.
A network CIDR specification
-
The netmask consists of nnn high-order 1-bits. For instance, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0.
5.6.2. Allow from env
allow from env=variablename ... Directory, .htaccess
The allow from env directive controls access by the existence of a named environment variable. For instance:
BrowserMatch ^KnockKnock/2.0 ...
Get Apache: The Definitive Guide, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
