From: Luis Gil Date: Mon, 23 May 2016 13:11:15 +0000 (+0000) Subject: Fixed the time in the line previouse to the example. X-Git-Tag: 2.5.0-alpha~1576 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=541f0a0a6766cb4e2417ca1c256d174e298c37b8;p=apache Fixed the time in the line previouse to the example. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1745189 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/howto/access.html.en b/docs/manual/howto/access.html.en index 35df330948..98df4f2bd6 100644 --- a/docs/manual/howto/access.html.en +++ b/docs/manual/howto/access.html.en @@ -1,207 +1,209 @@ - - - - + + + + -Access Control - Apache HTTP Server Version 2.5 - - - - - - - -
<-
-
-Apache > HTTP Server > Documentation > Version 2.5 > How-To / Tutorials

Access Control

-
-

Available Languages:  en  | - fr 

-
- -

Access control refers to any means of controlling access to any - resource. This is separate from authentication and authorization.

-
- -
top
-
-

Related Modules and Directives

- -

Access control can be done by several different modules. The most - important of these are mod_authz_core and - mod_authz_host. Also discussed in this document - is access control using mod_rewrite.

- -
top
-
-

Access control by host

-

- If you wish to restrict access to portions of your site based on the - host address of your visitors, this is most easily done using - mod_authz_host. -

- -

The Require - provides a variety of different ways to allow or deny access to - resources. In conjunction with the RequireAll, RequireAny, and RequireNone directives, these - requirements may be combined in arbitrarily complex ways, to enforce - whatever your access policy happens to be.

- -

- The Allow, - Deny, and - Order directives, - provided by mod_access_compat, are deprecated and - will go away in a future version. You should avoid using them, and - avoid outdated tutorials recommending their use. -

- -

The usage of these directives is:

- -
Require host address
-Require ip ip.address
-    
- - -

In the first form, address is a fully qualified - domain name (or a partial domain name); you may provide multiple - addresses or domain names, if desired.

- -

In the second form, ip.address is an IP address, a - partial IP address, a network/netmask pair, or a network/nnn CIDR - specification. Either IPv4 or IPv6 addresses may be used.

- -

See the - mod_authz_host documentation for further examples of this - syntax.

- -

You can insert not to negate a particular requirement. - Note, that since a not is a negation of a value, it cannot - be used by itself to allow or deny a request, as not true - does not constitute false. Thus, to deny a visit using a negation, - the block must have one element that evaluates as true or false. - For example, if you have someone spamming your message - board, and you want to keep them out, you could do the - following:

- -
<RequireAll>
-    Require all granted
-    Require not ip 10.252.46.165
-</RequireAll>
- - -

Visitors coming from that address (10.252.46.165) - will not be able to see the content covered by this directive. If, - instead, you have a machine name, rather than an IP address, you - can use that.

- -
Require not host host.example.com
-    
- - -

And, if you'd like to block access from an entire domain, - you can specify just part of an address or domain name:

- -
Require not ip 192.168.205
-Require not host phishers.example.com moreidiots.example
-Require not host gov
- - -

Use of the RequireAll, RequireAny, and RequireNone directives may be - used to enforce more complex sets of requirements.

- -
top
-
-

Access control by arbitrary variables

- -

Using the <If>, - you can allow or deny access based on arbitrary environment - variables or request header values. For example, to deny access - based on user-agent (the browser type) you might do the - following:

- -
<If "%{HTTP_USER_AGENT} == 'BadBot'">
-    Require all denied
-</If>
- - -

Using the Require - expr syntax, this could also be written as:

- - -
Require expr %{HTTP_USER_AGENT} != 'BadBot'
- - -

Warning:

-

Access control by User-Agent is an unreliable technique, - since the User-Agent header can be set to anything at all, - at the whim of the end user.

-
- -

See the expressions document for a - further discussion of what expression syntaxes and variables are - available to you.

- -
top
-
-

Access control with mod_rewrite

- -

The [F] RewriteRule flag causes a 403 Forbidden - response to be sent. Using this, you can deny access to a resource based - on arbitrary criteria.

- -

For example, if you wish to block access to a resource between 8pm - and 6am, you can do this using mod_rewrite.

- -
RewriteEngine On
-RewriteCond "%{TIME_HOUR}" ">=20" [OR]
-RewriteCond "%{TIME_HOUR}" "<07"
-RewriteRule "^/fridge"     "-"       [F]
- - -

This will return a 403 Forbidden response for any request after 8pm - or before 7am. This technique can be used for any criteria that you wish - to check. You can also redirect, or otherwise rewrite these requests, if - that approach is preferred.

- -

The <If> directive, - added in 2.4, replaces many things that mod_rewrite has - traditionally been used to do, and you should probably look there first - before resorting to mod_rewrite.

- -
top
-
-

More information

- -

The expression engine gives you a - great deal of power to do a variety of things based on arbitrary - server variables, and you should consult that document for more - detail.

- -

Also, you should read the mod_authz_core - documentation for examples of combining multiple access requirements - and specifying how they interact.

- -

See also the Authentication and Authorization - howto.

-
-
-

Available Languages:  en  | - fr 

-
top

Comments

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
+ --> +Access Control - Apache HTTP Server Version 2.5 + + + + + + + +
<-
+

Access Control

+
+

Available Languages:  en  | + es  | + fr 

+
+ +

Access control refers to any means of controlling access to any + resource. This is separate from authentication and authorization.

+
+ +
top
+
+

Related Modules and Directives

+ +

Access control can be done by several different modules. The most + important of these are mod_authz_core and + mod_authz_host. Also discussed in this document + is access control using mod_rewrite.

+ +
top
+
+

Access control by host

+

+ If you wish to restrict access to portions of your site based on the + host address of your visitors, this is most easily done using + mod_authz_host. +

+ +

The Require + provides a variety of different ways to allow or deny access to + resources. In conjunction with the RequireAll, RequireAny, and RequireNone directives, these + requirements may be combined in arbitrarily complex ways, to enforce + whatever your access policy happens to be.

+ +

+ The Allow, + Deny, and + Order directives, + provided by mod_access_compat, are deprecated and + will go away in a future version. You should avoid using them, and + avoid outdated tutorials recommending their use. +

+ +

The usage of these directives is:

+ +
Require host address
+Require ip ip.address
+    
+ + +

In the first form, address is a fully qualified + domain name (or a partial domain name); you may provide multiple + addresses or domain names, if desired.

+ +

In the second form, ip.address is an IP address, a + partial IP address, a network/netmask pair, or a network/nnn CIDR + specification. Either IPv4 or IPv6 addresses may be used.

+ +

See the + mod_authz_host documentation for further examples of this + syntax.

+ +

You can insert not to negate a particular requirement. + Note, that since a not is a negation of a value, it cannot + be used by itself to allow or deny a request, as not true + does not constitute false. Thus, to deny a visit using a negation, + the block must have one element that evaluates as true or false. + For example, if you have someone spamming your message + board, and you want to keep them out, you could do the + following:

+ +
<RequireAll>
+    Require all granted
+    Require not ip 10.252.46.165
+</RequireAll>
+ + +

Visitors coming from that address (10.252.46.165) + will not be able to see the content covered by this directive. If, + instead, you have a machine name, rather than an IP address, you + can use that.

+ +
Require not host host.example.com
+    
+ + +

And, if you'd like to block access from an entire domain, + you can specify just part of an address or domain name:

+ +
Require not ip 192.168.205
+Require not host phishers.example.com moreidiots.example
+Require not host gov
+ + +

Use of the RequireAll, RequireAny, and RequireNone directives may be + used to enforce more complex sets of requirements.

+ +
top
+
+

Access control by arbitrary variables

+ +

Using the <If>, + you can allow or deny access based on arbitrary environment + variables or request header values. For example, to deny access + based on user-agent (the browser type) you might do the + following:

+ +
<If "%{HTTP_USER_AGENT} == 'BadBot'">
+    Require all denied
+</If>
+ + +

Using the Require + expr syntax, this could also be written as:

+ + +
Require expr %{HTTP_USER_AGENT} != 'BadBot'
+ + +

Warning:

+

Access control by User-Agent is an unreliable technique, + since the User-Agent header can be set to anything at all, + at the whim of the end user.

+
+ +

See the expressions document for a + further discussion of what expression syntaxes and variables are + available to you.

+ +
top
+
+

Access control with mod_rewrite

+ +

The [F] RewriteRule flag causes a 403 Forbidden + response to be sent. Using this, you can deny access to a resource based + on arbitrary criteria.

+ +

For example, if you wish to block access to a resource between 8pm + and 7am, you can do this using mod_rewrite.

+ +
RewriteEngine On
+RewriteCond "%{TIME_HOUR}" ">=20" [OR]
+RewriteCond "%{TIME_HOUR}" "<07"
+RewriteRule "^/fridge"     "-"       [F]
+ + +

This will return a 403 Forbidden response for any request after 8pm + or before 7am. This technique can be used for any criteria that you wish + to check. You can also redirect, or otherwise rewrite these requests, if + that approach is preferred.

+ +

The <If> directive, + added in 2.4, replaces many things that mod_rewrite has + traditionally been used to do, and you should probably look there first + before resorting to mod_rewrite.

+ +
top
+
+

More information

+ +

The expression engine gives you a + great deal of power to do a variety of things based on arbitrary + server variables, and you should consult that document for more + detail.

+ +

Also, you should read the mod_authz_core + documentation for examples of combining multiple access requirements + and specifying how they interact.

+ +

See also the Authentication and Authorization + howto.

+
+
+

Available Languages:  en  | + es  | + fr 

+
top

Comments

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
+//--> \ No newline at end of file diff --git a/docs/manual/howto/access.xml b/docs/manual/howto/access.xml index 802d273509..e8a59f2f43 100644 --- a/docs/manual/howto/access.xml +++ b/docs/manual/howto/access.xml @@ -168,7 +168,7 @@ Require expr %{HTTP_USER_AGENT} != 'BadBot' on arbitrary criteria.

For example, if you wish to block access to a resource between 8pm - and 6am, you can do this using mod_rewrite.

+ and 7am, you can do this using mod_rewrite.

RewriteEngine On