📄 mod_access.html.en
字号:
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX This file is generated from xml source: DO NOT EDIT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --><title>mod_access - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_access</h1><div class="toplang"><p><span>Available Languages: </span><a href="../en/mod/mod_access.html" title="English"> en </a> |<a href="../ja/mod/mod_access.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p></div><table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Provides access control based on client hostname, IPaddress, or other characteristics of the client request.</td></tr><tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module營dentifier:</a></th><td>access_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source燜ile:</a></th><td>mod_access.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available only in versions prior to 2.1</td></tr></table><h3>Summary</h3> <p>The directives provided by <code class="module"><a href="../mod/mod_access.html">mod_access</a></code> are used in <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#files"><Files></a></code>, and <code class="directive"><a href="../mod/core.html#location"><Location></a></code> sections as well as <code><a href="core.html#accessfilename">.htaccess</a></code> files to control access to particular parts of the server. Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>. The <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are used to specify which clients are or are not allowed access to the server, while the <code class="directive"><a href="#order">Order</a></code> directive sets the default access state, and configures how the <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives interact with each other.</p> <p>Both host-based access restrictions and password-based authentication may be implemented simultaneously. In that case, the <code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code> directive is used to determine how the two sets of restrictions interact.</p> <p>In general, access restriction directives apply to all access methods (<code>GET</code>, <code>PUT</code>, <code>POST</code>, etc). This is the desired behavior in most cases. However, it is possible to restrict some methods, while leaving other methods unrestricted, by enclosing the directives in a <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code> section.</p></div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#allow">Allow</a></li><li><img alt="" src="../images/down.gif" /> <a href="#deny">Deny</a></li><li><img alt="" src="../images/down.gif" /> <a href="#order">Order</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls which hosts can access an area of theserver</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code> Allow from all|<var>host</var>|env=<var>env-variable</var> [<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_access</td></tr></table> <p>The <code class="directive">Allow</code> directive affects which hosts can access an area of the server. Access can be controlled by hostname, IP address, IP address range, or by other characteristics of the client request captured in environment variables.</p> <p>The first argument to this directive is always <code>from</code>. The subsequent arguments can take three different forms. If <code>Allow from all</code> is specified, then all hosts are allowed access, subject to the configuration of the <code class="directive"><a href="#deny">Deny</a></code> and <code class="directive"><a href="#order">Order</a></code> directives as discussed below. To allow only particular hosts or groups of hosts to access the server, the <var>host</var> can be specified in any of the following formats:</p> <dl> <dt>A (partial) domain-name</dt> <dd> <div class="example"><h3>Example:</h3><p><code> Allow from apache.org<br /> Allow from .net example.edu </code></p></div> <p>Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match <code>foo.apache.org</code> but it will not match <code>fooapache.org</code>. This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.</p></dd> <dt>A full IP address</dt> <dd> <div class="example"><h3>Example:</h3><p><code> Allow from 10.1.2.3<br /> Allow from 192.168.1.104 192.168.1.205 </code></p></div> <p>An IP address of a host allowed access</p></dd> <dt>A partial IP address</dt> <dd> <div class="example"><h3>Example:</h3><p><code> Allow from 10.1<br /> Allow from 10 172.20 192.168.2 </code></p></div> <p>The first 1 to 3 bytes of an IP address, for subnet restriction.</p></dd> <dt>A network/netmask pair</dt> <dd> <div class="example"><h3>Example:</h3><p><code> Allow from 10.1.0.0/255.255.0.0 </code></p></div> <p>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.</p></dd> <dt>A network/nnn CIDR specification</dt> <dd> <div class="example"><h3>Example:</h3><p><code> Allow from 10.1.0.0/16 </code></p></div> <p>Similar to the previous case, except the netmask consists of nnn high-order 1 bits.</p></dd> </dl> <p>Note that the last three examples above match exactly the same set of hosts.</p> <p>IPv6 addresses and IPv6 subnets can be specified as shown below:</p> <div class="example"><p><code> Allow from 2001:db8::a00:20ff:fea7:ccea<br /> Allow from 2001:db8::a00:20ff:fea7:ccea/10 </code></p></div> <p>The third format of the arguments to the <code class="directive">Allow</code> directive allows access to the server to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from env=<var>env-variable</var></code> is specified, then the request is allowed access if the environment variable <var>env-variable</var> exists. The server provides the ability to set environment variables in a flexible way based on characteristics of the client request using the directives provided by <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be used to allow access based on such factors as the clients <code>User-Agent</code> (browser type), <code>Referer</code>, or other HTTP request header fields.</p> <div class="example"><h3>Example:</h3><p><code> SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br /> <Directory /docroot><br />⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -