Access control for Apache servers

Apache access control refers to access control of any resource in any way.

One, host-based or IP address control

This access control is based on the host name or IP address of the visitor, enabling or prohibiting a host from accessing our server resources by using the Deny and allow directives. Usually the order directives are also used together to define the sequence in which the Deny and allows directives function. If you do not use the Order directive, the default order is Deny, allow, which is equivalent to order Deny,allow.

The order instruction and the allow,deny instruction are used together to realize a three-step control system.

The first step is to apply all of the preceding allow or deny directives to the current request in order, that is, if order Allow,deny, then the first step is to apply all the Allow commands to the current access, and if there is a match, the access ; If there is no match to an allow directive, then the access is forbidden;

The second step: match all the remaining instructions to the current request, and perform the corresponding access control if there is a match;

Step three: If the current request does not match to any instruction in the first two steps, execute the command that follows the order instruction.

Here's an example to understand:

Make the resources under the specified directory only accessible locally

    <directory "/server" >        Order allow,deny allow from        127.0.0.1    </Directory>

The first step: local access matches the Allow from 127.0.0.1 directive, so it is allowed; the other host does not match any of the Enable commands, so it is forbidden to access;

Step two: All accesses are not matched to the Deny Directive;

The third step: no access to any instructions, that is, not local access, according to the Order command, execute the subsequent deny instruction, so is forbidden to access;

Ii. access control based on environment variables

This can be done by allowing the from env= or the Deny from env= syntax, for example, to allow access only to users of Firefox browsers:

    <directory "/server" >        setenvif user-agent "Firefox" ff=1        Order allow,deny allow from        env=ff    </Directory>

third, using mod_rewrite to achieve access control

The [F] flag of the mod_rewrite Directive enables

Access control for Apache servers