1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5 This file is generated from xml source: DO NOT EDIT
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8 <title>mod_authz_host - Apache HTTP Server</title>
9 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
12 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
14 <div id="page-header">
15 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
16 <p class="apache">Apache HTTP Server Version 2.3</p>
17 <img alt="" src="../images/feather.gif" /></div>
18 <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
20 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Modules</a></div>
21 <div id="page-content">
22 <div id="preamble"><h1>Apache Module mod_authz_host</h1>
24 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English"> en </a> |
25 <a href="../ja/mod/mod_authz_host.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
26 <a href="../ko/mod/mod_authz_host.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
28 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
30 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
31 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authz_host_module</td></tr>
32 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authz_host.c</td></tr>
33 <tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
36 <p>The authorization providers implemented by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> are
37 registered using the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> or
38 <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives. These
39 directives can be referenced within a
40 <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>,
41 <code class="directive"><a href="../mod/core.html#files"><Files></a></code>,
42 or <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section
43 as well as <code><a href="core.html#accessfilename">.htaccess</a>
44 </code> files to control access to particular parts of the server.
45 Access can be controlled based on the client hostname, IP address, or
46 other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>.</p>
48 <p>In general, access restriction directives apply to all
49 access methods (<code>GET</code>, <code>PUT</code>,
50 <code>POST</code>, etc). This is the desired behavior in most
51 cases. However, it is possible to restrict some methods, while
52 leaving other methods unrestricted, by enclosing the directives
53 in a <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code> section.</p>
55 <div id="quickview"><h3 class="directives">Directives</h3>
56 <p>This module provides no
60 <li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The require Directives</a></li>
61 </ul><h3>See also</h3>
63 <li><a href="../howto/auth.html">Authentication, Authorization,
64 and Access Control</a></li>
65 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
66 <li><code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code></li>
68 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
70 <h2><a name="requiredirectives" id="requiredirectives">The require Directives</a></h2>
72 <p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and
73 <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives are
74 used during the authorization phase to ensure that a user is allowed or
75 denied access to a resource. mod_authz_host extends the
76 authorization types with <code>env</code>, <code>ip</code>,
77 <code>host</code> and <code>all</code>. Other authorization types may also be
78 used but may require that additional authorization modules be loaded.</p>
80 <p>These authorization providers affect which hosts can
81 access an area of the server. Access can be controlled by
82 hostname, IP Address, IP Address range, or by other
83 characteristics of the client request captured in environment
86 <h3><a name="reqenv" id="reqenv">require env</a></h3>
88 <p>The <code>env</code> provider allows access to the server
89 to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Require
90 env <var>env-variable</var></code> is specified, then the request is
91 allowed access if the environment variable <var>env-variable</var>
92 exists. The server provides the ability to set environment
93 variables in a flexible way based on characteristics of the client
94 request using the directives provided by
95 <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
96 used to allow access based on such factors as the clients
97 <code>User-Agent</code> (browser type), <code>Referer</code>, or
98 other HTTP request header fields.</p>
100 <div class="example"><h3>Example:</h3><p><code>
101 SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
102 <Directory /docroot><br />
103 <span class="indent">
104 Require env let_me_in<br />
109 <p>In this case, browsers with a user-agent string beginning
110 with <code>KnockKnock/2.0</code> will be allowed access, and all
111 others will be denied.</p>
115 <h3><a name="reqip" id="reqip">require ip</a></h3>
117 <p>The <code>ip</code> provider allows access to the server
118 to be controlled based on the IP address of the remote client.
119 When <code>Require ip <var>ip-address</var></code> is specified,
120 then the request is allowed access if the IP address matches.</p>
122 <p>A full IP address:</p>
124 <div class="example"><p><code>
125 Require ip 10.1.2.3<br />
126 Require ip 192.168.1.104 192.168.1.205
129 <p>An IP address of a host allowed access</p>
131 <p>A partial IP address:</p>
133 <div class="example"><p><code>
134 Require ip 10.1<br />
135 Require ip 10 172.20 192.168.2
137 <p>The first 1 to 3 bytes of an IP address, for subnet
140 <p>A network/netmask pair:</p>
142 <div class="example"><p><code>
143 Require ip 10.1.0.0/255.255.0.0
145 <p>A network a.b.c.d, and a netmask w.x.y.z. For more
146 fine-grained subnet restriction.</p>
148 <p>A network/nnn CIDR specification:</p>
150 <div class="example"><p><code>
151 Require ip 10.1.0.0/16
153 <p>Similar to the previous case, except the netmask consists of
154 nnn high-order 1 bits.</p>
156 <p>Note that the last three examples above match exactly the
157 same set of hosts.</p>
159 <p>IPv6 addresses and IPv6 subnets can be specified as shown
162 <div class="example"><p><code>
163 Require ip 2001:db8::a00:20ff:fea7:ccea<br />
164 Require ip 2001:db8::a00:20ff:fea7:ccea/10
170 <h3><a name="reqhost" id="reqhost">require host</a></h3>
172 <p>The <code>host</code> provider allows access to the server
173 to be controlled based on the host name of the remote client.
174 When <code>Require host <var>host-name</var></code> is specified,
175 then the request is allowed access if the host name matches.</p>
177 <p>A (partial) domain-name</p>
179 <div class="example"><p><code>
180 Require host apache.org<br />
181 Require host .net example.edu
184 <p>Hosts whose names match, or end in, this string are allowed
185 access. Only complete components are matched, so the above
186 example will match <code>foo.apache.org</code> but it will not
187 match <code>fooapache.org</code>. This configuration will cause
188 Apache to perform a double reverse DNS lookup on the client IP
189 address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do
190 a reverse DNS lookup on the IP address to find the associated
191 hostname, and then do a forward lookup on the hostname to assure
192 that it matches the original IP address. Only if the forward
193 and reverse DNS are consistent and the hostname matches will
194 access be allowed.</p>
198 <h3><a name="reqall" id="reqall">require all</a></h3>
200 <p>The <code>all</code> provider mimics the functionality the
201 was previously provided by the 'Allow from all' and 'Deny from all'
202 directives. This provider can take one of two arguments which are
203 'granted' or 'denied'. The following examples will grant or deny
204 access to all requests.</p>
206 <div class="example"><p><code>
207 Require all granted<br />
210 <div class="example"><p><code>
211 Require all denied<br />
219 <div class="bottomlang">
220 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English"> en </a> |
221 <a href="../ja/mod/mod_authz_host.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
222 <a href="../ko/mod/mod_authz_host.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
223 </div><div id="footer">
224 <p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
225 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>