ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaie_5.4.0.1/rzaiemod_access.htm

211 lines
12 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="topic" />
<meta name="DC.Title" content="Module mod_access" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiemod_access" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Module mod_access</title>
</head>
<body id="rzaiemod_access"><a name="rzaiemod_access"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<!--Java sync-link--><h1 class="topictitle1">Module mod_access</h1>
<div><div class="important"><span class="importanttitle">Important:</span> Information
for this topic supports the latest PTF levels for HTTP Server for i5/OS .
It is recommended that you install the latest PTFs to upgrade to the latest
level of the HTTP Server for i5/OS. Some of the topics documented here are
not available prior to this update. See <a href="http://www-03.ibm.com/servers/eserver/iseries/software/http/services/service.html" target="_blank">http://www.ibm.com/servers/eserver/iseries/software/http/services/service.htm</a> <img src="www.gif" alt="Link outside Information Center" /> for more information. </div>
<p><strong>Summary</strong></p>
<p>The module mod_access provides access control based on a client's hostname
or IP address.</p>
<p><strong>Directives</strong></p>
<ul><li><a href="#allow">Allow</a></li>
<li><a href="#deny">Deny</a></li>
<li><a href="#order">Order</a></li>
</ul>
</div>
<div class="hr" id="allow"><a name="allow"><!-- --></a><h2 class="topictitle2">Allow</h2>
<div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><tbody><tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Module">Module</a></strong>: mod_access</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Syntax">Syntax</a></strong>: allow from <em>all | env=[!]envvar | host
[host ...]</em></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Default">Default</a></strong>: none</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Context">Context</a></strong>: <span id="allow__allow_context"><a name="allow__allow_context"><!-- --></a>directory, .htaccess</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Override">Override</a></strong>: Limit</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Origin">Origin</a></strong>: <span id="allow__allow_origin"><a name="allow__allow_origin"><!-- --></a>Apache</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: allow from all</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: allow from env=go_away</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: allow from 10.10.10.10 .ibm.com</td>
</tr>
</tbody>
</table>
</div>
<p>The Allow directive affects which hosts can access a given directory.</p>
<dl class="block"><dt class="dlterm"><strong>Parameter</strong>: <em>host</em></dt>
<dd><ul><li>If <em>all</em>, all hosts are allowed access.</li>
<li>If <em>full</em> or <em>partial domain-name</em>, hosts whose names match
or end in this string are allowed access. </li>
<li>If <em>full IP address</em>, only IP address of a host are allowed access. </li>
<li>If <em>partial IP address</em>, only the first 1 to 3 bytes of an IP address,
for subnet restriction. </li>
<li>If<em> network/netmask</em>, a network a.b.c.d. And a netmask w.x.y.z. Can
be used for fine-grained subnet restriction (for example, 10.2.0.0/255.255.0.0).
</li>
<li>If <em>network/nnn CIDR specification</em>, it is similar to the previous
case, except the netmask consists of nnn higher-order 1 bits (for example,
10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0).</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> This compares whole components, ibm.com<sup>®</sup> would not match <em>QIBMibm.com</em>.</div>
</dd>
</dl>
<p>The allow from env option controls access to a directory by the existence
(or nonexistence) of an environment variable. For example: </p>
<pre class="block">BrowserMatch ^KnockKnock/2.0 let_me_in
&lt;Directory /docroot&gt;
order deny,allow
deny from all
allow from env=let_me_in
&lt;/Directory&gt;</pre>
<p>In this case browsers with the user-agent string KnockKnock/2.0 will be
allowed access, and all others will be denied.</p>
<p>See also <a href="#deny">Deny</a>, <a href="#order">Order</a>, and BrowserMatch.</p>
</div>
</div>
<div class="hr" id="deny"><a name="deny"><!-- --></a><h2 class="topictitle2">Deny</h2>
<div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><tbody><tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Module">Module</a></strong>: mod_access</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Syntax">Syntax</a></strong>: deny from <em>all | env=[!]envvar | host
[host ...]</em></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Default">Default</a></strong>: none</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Context">Context</a></strong>: <span id="deny__deny_context"><a name="deny__deny_context"><!-- --></a>directory, .htaccess</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Override">Override</a></strong>: Limit</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Origin">Origin</a></strong>: <span id="deny__deny_origin"><a name="deny__deny_origin"><!-- --></a>Apache</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: deny from env=go_away</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: deny from 10.10.10.10 .ibm.com</td>
</tr>
</tbody>
</table>
</div>
<p>The deny directive affects which hosts can access a given directory.</p>
<dl class="block"><dt class="dlterm"><strong>Parameter</strong>: <em>host</em></dt>
<dd><ul><li>If <em>all</em>, all hosts are denied access. </li>
<li>If <em>full</em> or <em>partial domain-name</em>, hosts whose names match
or end in this string are denied access. </li>
<li>If <em>full IP address</em>, only IP address of a host are denied access. </li>
<li>If <em>partial IP address</em>, only the first 1 to 3 bytes of an IP address,
for subnet restriction. </li>
<li>If <em>network/netmask</em>, a network a.b.c.d. And a net mask w.x.y.z.
Can be used for fine-grained subnet restriction (for example, 10.2.0.0/255.255.0.0). </li>
<li>If <em>network/nnn CIDR specification</em>, it is similar to the previous
case, except the netmask consists of nnn higher-order 1 bits (for example,
10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0).</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> This compares whole components (ibm.com would not match <em>QIBMibm.com</em>). </div>
</dd>
</dl>
<p>The deny from env option controls access to a directory by the existence
(or nonexistence) of an environment variable. For example: </p>
<pre class="block">BrowserMatch ^BadRobot/0.9 go_away
&lt;Directory /docroot&gt;
order allow,deny
allow from all
deny from env=go_away
&lt;/Directory&gt;</pre>
<p>In this case browsers with the user-agent string BadRobot/0.9 will be denied
access, and all others will be allowed.</p>
<p>See also <a href="#allow">Allow</a> and <a href="#order">Order</a>. </p>
</div>
</div>
<div class="hr" id="order"><a name="order"><!-- --></a><h2 class="topictitle2">Order</h2>
<div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="void" border="0" rules="none"><tbody><tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Module">Module</a></strong>: mod_access</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Syntax">Syntax</a></strong>: order <em>ordering</em></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Default">Default</a></strong>: order deny,allow</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Context">Context</a></strong>: <span id="order__order_context"><a name="order__order_context"><!-- --></a>directory, .htaccess</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Override">Override</a></strong>: Limit</td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Origin">Origin</a></strong>: <span id="order__order_origin"><a name="order__order_origin"><!-- --></a>Modified</span></td>
</tr>
<tr><td colspan="2" valign="top"><strong><a href="rzaiedirective-dict.htm#rzaiedirective-dict__Example">Example</a></strong>: order deny,allow</td>
</tr>
</tbody>
</table>
</div>
<p>The order directive controls the order in which Allow and Deny directives
are evaluated. .</p>
<dl class="block"><dt class="dlterm"><strong>Parameter</strong>: <em>ordering</em></dt>
<dd><ul><li>If <em>deny,allow</em>, the deny directives are evaluated before the allow
directives (the initial state is OK).</li>
<li>If <em>allow,deny</em>, the allow directives are evaluated before the deny
directives (the initial state is FORBIDDEN).</li>
<li>If <em>mutual-failure</em>, only those hosts which appear on the allow list
and do not appear on the deny list are granted access (the initial state is
irrelevant). </li>
</ul>
</dd>
</dl>
<p>Keywords may only be separated by a comma; no whitespace is allowed between
them. Note: that in all cases every allow and deny statement is evaluated,
there is no "short-circuiting". For Example: </p>
<pre class="block">order deny,allow
deny from all
allow from .ibm.com</pre>
<p>In this example, the first container's intent is to keep everyone out.
The next container overrides for the appropriate subdirectory. </p>
<pre class="block">&lt;Directory/&gt;
Order deny,allow
deny from all
allow from none
&lt;/Directory&gt;
Alias /root /bobtest/xyz/html
&lt;Directory /bobtest/xyz/html/&gt;
Order allow,deny
allow from all
Authtype Basic
AuthName "root and %%SYSTEM%%"
PasswdFile %%SYSTEM%%
Require valid-user
UserID %%SYSTEM%%
&lt;/Directory&gt;</pre>
<p>Hosts in the ibm.com domain
are allowed access; all other hosts are denied access.</p>
</div>
</div>
</body>
</html>