github.com/krum110487/go-htaccess@v0.0.0-20240316004156-60641c8e7598/tests/data/apache_2_2_34/manual/howto/access.html.en (about) 1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> 4 <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> 5 <!-- 6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 7 This file is generated from xml source: DO NOT EDIT 8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 9 --> 10 <title>Access Control - Apache HTTP Server Version 2.2</title> 11 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> 12 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> 13 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> 14 <script src="../style/scripts/prettify.min.js" type="text/javascript"> 15 </script> 16 17 <link href="../images/favicon.ico" rel="shortcut icon" /><link href="http://httpd.apache.org/docs/current/howto/access.html" rel="canonical" /></head> 18 <body id="manual-page"><div id="page-header"> 19 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> 20 <p class="apache">Apache HTTP Server Version 2.2</p> 21 <img alt="" src="../images/feather.gif" /></div> 22 <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> 23 <div id="path"> 24 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.2</a> > <a href="./">How-To / Tutorials</a></div><div id="page-content"><div class="retired"><h4>Please note</h4> 25 <p> This document refers to a legacy release (<strong>2.2</strong>) of Apache httpd. The active release (<strong>2.4</strong>) is documented <a href="http://httpd.apache.org/docs/current">here</a>. If you have not already upgraded, please follow <a href="http://httpd.apache.org/docs/current/upgrading.html">this link</a> for more information.</p> 26 <p>You may follow <a href="http://httpd.apache.org/docs/current/howto/access.html">this link</a> to go to the current version of this document.</p></div><div id="preamble"><h1>Access Control</h1> 27 <div class="toplang"> 28 <p><span>Available Languages: </span><a href="../en/howto/access.html" title="English"> en </a></p> 29 </div> 30 31 <p>Access control refers to any means of controlling access to any 32 resource. This is separate from <a href="auth.html">authentication and authorization</a>.</p> 33 </div> 34 <div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#related">Related Modules and Directives</a></li> 35 <li><img alt="" src="../images/down.gif" /> <a href="#host">Access control by host</a></li> 36 <li><img alt="" src="../images/down.gif" /> <a href="#env">Access control by environment variable</a></li> 37 <li><img alt="" src="../images/down.gif" /> <a href="#rewrite">Access control with mod_rewrite</a></li> 38 <li><img alt="" src="../images/down.gif" /> <a href="#moreinformation">More information</a></li> 39 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> 40 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> 41 <div class="section"> 42 <h2><a name="related" id="related">Related Modules and Directives</a></h2> 43 44 <p>Access control can be done by several different modules. The most 45 important of these is <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>. Other modules 46 discussed in this document include <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> and 47 <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p> 48 49 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> 50 <div class="section"> 51 <h2><a name="host" id="host">Access control by host</a></h2> 52 <p> 53 If you wish to restrict access to portions of your site based on the 54 host address of your visitors, this is most easily done using 55 <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>. 56 </p> 57 58 <p>The <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> and 59 <code class="directive"><a href="../mod/mod_authz_host.html#deny">Deny</a></code> directives let 60 you allow and deny access based on the host name, or host 61 address, of the machine requesting a document. The 62 <code class="directive"><a href="../mod/mod_authz_host.html#order">Order</a></code> directive goes 63 hand-in-hand with these two, and tells Apache in which order to 64 apply the filters.</p> 65 66 <p>The usage of these directives is:</p> 67 68 <div class="example"><p><code> 69 Allow from <var>address</var> 70 </code></p></div> 71 72 <p>where <var>address</var> is an IP address (or a partial IP 73 address) or a fully qualified domain name (or a partial domain 74 name); you may provide multiple addresses or domain names, if 75 desired.</p> 76 77 <p>For example, if you have someone spamming your message 78 board, and you want to keep them out, you could do the 79 following:</p> 80 81 <div class="example"><p><code> 82 Deny from 10.252.46.165 83 </code></p></div> 84 85 <p>Visitors coming from that address will not be able to see 86 the content covered by this directive. If, instead, you have a 87 machine name, rather than an IP address, you can use that.</p> 88 89 <div class="example"><p><code> 90 Deny from <var>host.example.com</var> 91 </code></p></div> 92 93 <p>And, if you'd like to block access from an entire domain, 94 you can specify just part of an address or domain name:</p> 95 96 <div class="example"><p><code> 97 Deny from <var>192.168.205</var><br /> 98 Deny from <var>phishers.example.com</var> <var>moreidiots.example</var><br /> 99 Deny from ke 100 </code></p></div> 101 102 <p>Using <code class="directive"><a href="../mod/mod_authz_host.html#order">Order</a></code> will let you 103 be sure that you are actually restricting things to the group that you want 104 to let in, by combining a <code class="directive"><a href="../mod/mod_authz_host.html#deny">Deny</a></code> and an <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> directive:</p> 105 106 <div class="example"><p><code> 107 Order deny,allow<br /> 108 Deny from all<br /> 109 Allow from <var>dev.example.com</var> 110 </code></p></div> 111 112 <p>Listing just the <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> 113 directive would not do what you want, because it will let folks from that 114 host in, in addition to letting everyone in. What you want is to let 115 <em>only</em> those folks in.</p> 116 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> 117 <div class="section"> 118 <h2><a name="env" id="env">Access control by environment variable</a></h2> 119 120 <p> 121 <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, in conjunction with 122 <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>, can be used to restrict access to 123 your website based on the value of arbitrary environment variables. 124 This is done with the <code>Allow from env=</code> and <code>Deny 125 from env=</code> syntax. 126 </p> 127 128 <div class="example"><p><code> 129 SetEnvIf User-Agent BadBot GoAway=1<br /> 130 Order allow,deny<br /> 131 Allow from all<br /> 132 Deny from env=GoAway 133 </code></p></div> 134 135 <div class="note"><h3>Warning:</h3> 136 <p>Access control by <code>User-Agent</code> is an unreliable technique, 137 since the <code>User-Agent</code> header can be set to anything at all, 138 at the whim of the end user.</p> 139 </div> 140 141 <p> 142 In the above example, the environment variable <code>GoAway</code> 143 is set to <code>1</code> if the <code>User-Agent</code> matches the 144 string <code>BadBot</code>. Then we deny access for any request when 145 this variable is set. This blocks that particular user agent from 146 the site. 147 </p> 148 149 <p>An environment variable test can be negated using the <code>=!</code> 150 syntax:</p> 151 152 <div class="example"><p> 153 Allow from env=!GoAway 154 </p></div> 155 156 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> 157 <div class="section"> 158 <h2><a name="rewrite" id="rewrite">Access control with mod_rewrite</a></h2> 159 160 <p>The <code>[F]</code> <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> flag causes a 403 Forbidden 161 response to be sent. Using this, you can deny access to a resource based 162 on arbitrary criteria.</p> 163 164 <p>For example, if you wish to block access to a resource between 8pm 165 and 6am, you can do this using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p> 166 167 <div class="example"><p><code> 168 RewriteEngine On<br /> 169 RewriteCond %{TIME_HOUR} >20 [OR]<br /> 170 RewriteCond %{TIME_HOUR} <07<br /> 171 RewriteRule ^/fridge - [F] 172 </code></p></div> 173 174 <p>This will return a 403 Forbidden response for any request after 8pm 175 or before 7am. This technique can be used for any criteria that you wish 176 to check. You can also redirect, or otherwise rewrite these requests, if 177 that approach is preferred.</p> 178 179 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> 180 <div class="section"> 181 <h2><a name="moreinformation" id="moreinformation">More information</a></h2> 182 <p>You should also read the documentation for 183 <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> and <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> which 184 contain some more information about how this all works. 185 <code class="module"><a href="../mod/mod_authn_alias.html">mod_authn_alias</a></code> can also help in simplifying certain 186 authentication configurations.</p> 187 188 <p>See the <a href="auth.html">Authentication and Authorization</a> 189 howto.</p> 190 </div></div> 191 <div class="bottomlang"> 192 <p><span>Available Languages: </span><a href="../en/howto/access.html" title="English"> en </a></p> 193 </div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> 194 <script type="text/javascript"><!--//--><![CDATA[//><!-- 195 var comments_shortname = 'httpd'; 196 var comments_identifier = 'http://httpd.apache.org/docs/2.2/howto/access.html'; 197 (function(w, d) { 198 if (w.location.hostname.toLowerCase() == "httpd.apache.org") { 199 d.write('<div id="comments_thread"><\/div>'); 200 var s = d.createElement('script'); 201 s.type = 'text/javascript'; 202 s.async = true; 203 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; 204 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); 205 } 206 else { 207 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); 208 } 209 })(window, document); 210 //--><!]]></script></div><div id="footer"> 211 <p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> 212 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- 213 if (typeof(prettyPrint) !== 'undefined') { 214 prettyPrint(); 215 } 216 //--><!]]></script> 217 </body></html>