> This isn't a mod_ssl specific feature (though somewhat security
> related, I guess). It is a built-in to the Apache web server.
>
> <Directory /usr/home/foo>
> Order allow,deny
> Allow from 192.168.0.0/16
> Deny from all
> </Directory>
>
> The 'Deny from all' above is redundant, since deny is the default
> action if the ip doesn't match the allow statement.
>
> The order of allow/deny is important. Whichever (allow or deny) is
> last becomes the default action. For example, if the order directive
> is:
>
> Order allow,deny
>
> all access is denied by default. Only IP addresses matching the allow
> directive will be allowed. This is useful for allowing access to
> authorized clients based on their IP address while denying access to
> everyone else.
>
> If the order directive is:
>
> Order deny,allow
>
> all access is allowed by default. Only IP addresses matching the deny
> directive will be denied. This is useful for restricting access from
> abusive clients based on their IP address. For more information on
> this (including more examples), read the Apache Server documentation.
[snip]> Scott Wiersdorf
Personally, when using "Order" I invariably use "Order Deny,Allow" followed
immediately by "Deny from all",and then all the "Allow from"s. It makes it
far clearer when reading than having "Order Allow,Deny" followed by a number
of "Allow from"s.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
