httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph A Nagy Jr <>
Subject [users@httpd] Using Allow,Deny for Access Control
Date Fri, 13 Dec 2002 17:28:01 GMT states:

Allow and Deny
The Allow and Deny directives let you allow and deny access based on the
host name, or host address, of the machine requesting a document. The
directive goes hand-in-hand with these is the Order directive, which
tells Apache in which order to apply the filters.

The usage of these directives is:

allow from address
where address is an IP address (or a partial IP address) or a fully
qualified domain name (or a partial domain name); you may provide
multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you
want to keep them out, you could do the following: 

deny from
Visitors coming from that address will not be able to see the content
behind this directive. If, instead, you have a machine name, rather than
an IP address, you can use that. 

deny from
And, if you'd like to block access from an entire domain, or even from
an entire tld (top level domain, such as .com or .gov) you can specify
just part of an address or domain name:

deny from 192.101.205
deny from
deny from tld
Using Order will let you be sure that you are actually restricting
things to the group that you want to let in, by combining a deny and an
allow directive:

Order Deny,Allow
Deny from all
Allow from
Listing just the allow directive would not do what you want, because it
will let users from that host in, in addition to letting everyone in.
What you want is to let in only users from that host.

My virtual host container:

<VirtualHost *>
    DocumentRoot /home/apache/dream-worlds/
<Directory "/home/apahe/dream-worlds/">
        Order Allow,Deny
        Allow from all
        Deny from some.ip
    Alias /chat-images/ /home/apache/images/
    Options All MultiViews
     ErrorLog logs/error.log
    CustomLog logs/access.log common
    ScriptAlias /cgi-bin/ /home/apache/dream-worlds/cgi-bin/
        Options Indexes FollowSymlinks MultiViews
 Alias /wav/ /home/apache/wavs/
 Alias /html40/ /home/apache/html40/
 Alias /css2/ /home/apache/css2/
<Directory "/home/apache/dream-worlds/cgi-bin/">
        Order deny,allow
        Deny from some.ip
        Allow from all
 Alias /mp3/ /home/apache/mp3/american-music/joseph-a-nagy-jr/
 Alias /game-music/ /home/apache/modz/

The problem: The user attached to some.ip can still access my website!
What am I doing wrong?

Joseph A Nagy Jr <>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message