GCS Amplitude
GCS Amplitude

Apache Module mod_authz_host

The authorization providers implemented by

are registered using the modauthzhost

directive. The directive can be referenced within a Require

section as well as

files to control access to particular parts of the server. Access can be controlled based on the client hostname or IP address..htaccess

In general, access restriction directives apply to all access methods (GET

, etc). This is the desired behavior in most cases. However, it is possible to restrict some methods, while leaving other methods unrestricted, by enclosing the directives in a

This module provides no directives.

directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. modauthzhost extends the authorization types with Requireip

. Other authorization types may also be used but may require that additional authorization modules be loaded.

These authorization providers affect which hosts can access an area of the server. Access can be controlled by hostname, IP Address, or IP Address range.

Since v2.4.8, expressions are supported within the host require directives.

provider allows access to the server to be controlled based on the IP address of the remote client. When Require ip

is specified, then the request is allowed access if the IP address matches.ip-address

Require ip 10.1.2.3 Require ip 192.168.1.104 192.168.1.205

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair:

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification:

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

Note that the last three examples above match exactly the same set of hosts.

IPv6 addresses and IPv6 subnets can be specified as shown below:

Require ip 2001:db8::a00:20ff:fea7:ccea Require ip 2001:db8::a00:20ff:fea7:ccea/10

Note: As the IP addresses are parsed on startup, expressions are not evaluated at request time.

is specified, then the request is allowed access if the host name matches.host-name

A (partial) domain-name

Require host example.org Require host .net example.edu

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.example.org

. This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the

directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.HostnameLookups

provider allows access to the server if any of the following conditions is true:

This allows a convenient way to match connections that originate from the local host:

If you are proxying content to your server, you need to be aware that the client address will be the address of your proxy server, not the address of the client, and so using the Require

directive in this context may not do what you mean. See

for one possible solution to this problem.mod_remoteip

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.4

Modules

Modules | Directives | FAQ | Glossary | Sitemap

Apache Module mod_authz_host

Available Languages: en | fr

en

Available Languages: en | fr

Apache License, Version 2.0

Copyright 2014 The Apache Software Foundation.Licensed under the Apache License, Version 2.0.