summaryrefslogtreecommitdiffstats
path: root/docs/manual/howto/access.html.en
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:50 +0000
commitfe39ffb8b90ae4e002ed73fe98617cd590abb467 (patch)
treeb80e5956907d8aeaaffe4e4f0c068c0e6157ce8b /docs/manual/howto/access.html.en
parentInitial commit. (diff)
downloadapache2-fe39ffb8b90ae4e002ed73fe98617cd590abb467.tar.xz
apache2-fe39ffb8b90ae4e002ed73fe98617cd590abb467.zip
Adding upstream version 2.4.56.upstream/2.4.56upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/manual/howto/access.html.en')
-rw-r--r--docs/manual/howto/access.html.en229
1 files changed, 229 insertions, 0 deletions
diff --git a/docs/manual/howto/access.html.en b/docs/manual/howto/access.html.en
new file mode 100644
index 0000000..1bd3e0e
--- /dev/null
+++ b/docs/manual/howto/access.html.en
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Access Control - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">How-To / Tutorials</a></div><div id="page-content"><div id="preamble"><h1>Access Control</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/howto/access.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/howto/access.html" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/howto/access.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
+</div>
+
+ <p>Access control refers to any means of controlling access to any
+ resource. This is separate from <a href="auth.html">authentication and authorization</a>.</p>
+</div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#related">Related Modules and Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#host">Access control by host</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#env">Access control by arbitrary variables</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#rewrite">Access control with mod_rewrite</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#moreinformation">More information</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="related" id="related">Related Modules and Directives</a></h2>
+
+ <p>Access control can be done by several different modules. The most
+ important of these are <code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code> and
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>. Also discussed in this document
+ is access control using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="host" id="host">Access control by host</a></h2>
+ <p>
+ If you wish to restrict access to portions of your site based on the
+ host address of your visitors, this is most easily done using
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.
+ </p>
+
+ <p>The <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
+ provides a variety of different ways to allow or deny access to
+ resources. In conjunction with the <code class="directive"><a href="../mod/mod_authz_core.html#requireall">RequireAll</a></code>, <code class="directive"><a href="../mod/mod_authz_core.html#requireany">RequireAny</a></code>, and <code class="directive"><a href="../mod/mod_authz_core.html#requirenone">RequireNone</a></code> directives, these
+ requirements may be combined in arbitrarily complex ways, to enforce
+ whatever your access policy happens to be.</p>
+
+ <div class="warning"><p>
+ The <code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code>,
+ <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code>, and
+ <code class="directive"><a href="../mod/mod_access_compat.html#order">Order</a></code> directives,
+ provided by <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code>, are deprecated and
+ will go away in a future version. You should avoid using them, and
+ avoid outdated tutorials recommending their use.
+ </p></div>
+
+ <p>The usage of these directives is:</p>
+
+ <pre class="prettyprint lang-config">Require host address
+Require ip ip.address</pre>
+
+
+ <p>In the first form, <var>address</var> is a fully qualified
+ domain name (or a partial domain name); you may provide multiple
+ addresses or domain names, if desired.</p>
+
+ <p>In the second form, <var>ip.address</var> is an IP address, a
+ partial IP address, a network/netmask pair, or a network/nnn CIDR
+ specification. Either IPv4 or IPv6 addresses may be used.</p>
+
+ <p>See <a href="../mod/mod_authz_host.html#requiredirectives">the
+ mod_authz_host documentation</a> for further examples of this
+ syntax.</p>
+
+ <p>You can insert <code>not</code> to negate a particular requirement.
+ Note, that since a <code>not</code> is a negation of a value, it cannot
+ be used by itself to allow or deny a request, as <em>not true</em>
+ does not constitute <em>false</em>. Thus, to deny a visit using a negation,
+ the block must have one element that evaluates as true or false.
+ For example, if you have someone spamming your message
+ board, and you want to keep them out, you could do the
+ following:</p>
+
+ <pre class="prettyprint lang-config">&lt;RequireAll&gt;
+ Require all granted
+ Require not ip 10.252.46.165
+&lt;/RequireAll&gt;</pre>
+
+
+ <p>Visitors coming from that address (<code>10.252.46.165</code>)
+ will not be able to see the content covered by this directive. If,
+ instead, you have a machine name, rather than an IP address, you
+ can use that.</p>
+
+ <pre class="prettyprint lang-config">Require not host <var>host.example.com</var>
+ </pre>
+
+
+ <p>And, if you'd like to block access from an entire domain,
+ you can specify just part of an address or domain name:</p>
+
+ <pre class="prettyprint lang-config">Require not ip 192.168.205
+Require not host phishers.example.com moreidiots.example
+Require not host gov</pre>
+
+
+ <p>Use of the <code class="directive"><a href="../mod/mod_authz_core.html#requireall">RequireAll</a></code>, <code class="directive"><a href="../mod/mod_authz_core.html#requireany">RequireAny</a></code>, and <code class="directive"><a href="../mod/mod_authz_core.html#requirenone">RequireNone</a></code> directives may be
+ used to enforce more complex sets of requirements.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="env" id="env">Access control by arbitrary variables</a></h2>
+
+ <p>Using the <code class="directive"><a href="../mod/core.html#if">&lt;If&gt;</a></code>,
+ you can allow or deny access based on arbitrary environment
+ variables or request header values. For example, to deny access
+ based on user-agent (the browser type) you might do the
+ following:</p>
+
+ <pre class="prettyprint lang-config">&lt;If "%{HTTP_USER_AGENT} == 'BadBot'"&gt;
+ Require all denied
+&lt;/If&gt;</pre>
+
+
+ <p>Using the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
+ <code>expr</code> syntax, this could also be written as:</p>
+
+
+ <pre class="prettyprint lang-config">Require expr %{HTTP_USER_AGENT} != 'BadBot'</pre>
+
+
+ <div class="note"><h3>Warning:</h3>
+ <p>Access control by <code>User-Agent</code> is an unreliable technique,
+ since the <code>User-Agent</code> header can be set to anything at all,
+ at the whim of the end user.</p>
+ </div>
+
+ <p>See <a href="../expr.html">the expressions document</a> for a
+ further discussion of what expression syntaxes and variables are
+ available to you.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="rewrite" id="rewrite">Access control with mod_rewrite</a></h2>
+
+ <p>The <code>[F]</code> <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> flag causes a 403 Forbidden
+ response to be sent. Using this, you can deny access to a resource based
+ on arbitrary criteria.</p>
+
+ <p>For example, if you wish to block access to a resource between 8pm
+ and 7am, you can do this using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
+
+ <pre class="prettyprint lang-config">RewriteEngine On
+RewriteCond "%{TIME_HOUR}" "&gt;=20" [OR]
+RewriteCond "%{TIME_HOUR}" "&lt;07"
+RewriteRule "^/fridge" "-" [F]</pre>
+
+
+ <p>This will return a 403 Forbidden response for any request after 8pm
+ or before 7am. This technique can be used for any criteria that you wish
+ to check. You can also redirect, or otherwise rewrite these requests, if
+ that approach is preferred.</p>
+
+ <p>The <code class="directive"><a href="../mod/core.html#if">&lt;If&gt;</a></code> directive,
+ added in 2.4, replaces many things that <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> has
+ traditionally been used to do, and you should probably look there first
+ before resorting to mod_rewrite.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="moreinformation" id="moreinformation">More information</a></h2>
+
+ <p>The <a href="../expr.html">expression engine</a> gives you a
+ great deal of power to do a variety of things based on arbitrary
+ server variables, and you should consult that document for more
+ detail.</p>
+
+ <p>Also, you should read the <code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code>
+ documentation for examples of combining multiple access requirements
+ and specifying how they interact.</p>
+
+ <p>See also the <a href="auth.html">Authentication and Authorization</a>
+ howto.</p>
+</div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/howto/access.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/howto/access.html" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/howto/access.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/howto/access.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file