Hitachi

Hitachi Application Server V10 Definition Reference Guide (For UNIX® Systems)

2.3.28 Allow

Allow restricts the clients that can access the web server.

Description

Allow specifies to restrict the clients that can access the web server. You can specify the domain name, IP address, subnet, and netmask of the hosts that are permitted access in host. To permit access from all hosts, specify all.

In addition, the domain name, address, and prefix length that are related to the IPv6 address can be specified in host. When you specify an IPv6 address, do not enclose the IPv6 address in square brackets ([ ]). Specify the prefix length in the format IPv6_address/prefix_length. Specify the prefix length as a decimal.

If env=environment_variable is specified, access to the web server can be controlled by using the environment variable. If env=environment_variable is used together with the BrowserMatch, BrowserMatchNoCase, SetEnvIf, and SetEnvIfNoCase directives, the access to the web server can be restricted based on the HTTP request header field.

The Allow directive (access permitted) and the Deny directive (access restricted) can specify the order of evaluation by using the Order directive.

Host

Meaning

Domain name

Permits access from the host specified for the domain name.

IP address

Permits access from the host specified for the IP address.

Subnet

Permits access from the host specified for the subnet (the first 3 bytes of the IP address).

Netmask

Permits access from the host specified for the netmask notation (Example: 10.1.0.0/255.255.0.0).

When specified in the format 10.1.0.0/16, it is the same meaning as 10.1.0.0/255.255.0.0.

Syntax

Allow from {host|all|env=environment_variable} [{host|env=environment_variable} ...]

Locations where it can be written

<Directory> and .htaccess

Overwrite permission

Limit level

Examples

Example 1:
SetEnvIf User-Agent Mozilla.* access_ok
<Directory /docroot>
    Order deny,allow
    Deny from all
    Allow from env=access_ok
</Directory>

In this case, only requests from browsers that include Mozilla in the character string of User-Agent are permitted, and other requests are refused.

Example 2:

To specify the IPv6 address in host:

allow from 2001::123:4567:89ab:cdef

In addition, when specifying the prefix length, all of the following specifications have the same meaning.

allow from 2001:0:0:89ab::/64
allow from 2001:0:0:89AB::/64
allow from 2001::89ab:0:0:0:0/64
allow from 2001:0000:0000:89ab:0000:0000:0000:0000/64

To Page Top

Trademarks

Copyright (C) 2015, Hitachi, Ltd.

Copyright (C) 2013, Oracle and/or its affiliates. All rights reserved.