logo
Published on Technical articles on: Windows servers, Apache Web Server, MySQL, PHP, IIS (http://www.sitebuddy.com)

Aapache Secure Folder Access: Order Deny Allow

By chris
Created 19 Nov 2006 - 11:02pm

Aapache Secure Folder Access

You should try to completely restrict access by default and open access as appropriate. The following restricts access  to everything.

<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

Order directive can be:
Deny,Allow
The Deny directives are evaluated before the Allow directives. Access is allowed by default. Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server.
Allow,Deny
The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.

For example to only permit access to a certain area of your site to a particular ip (replace 12.x.x.x with a valid ip):

<Directory /myadminarea>
    Order deny,allow
    Deny from all
    Allow from 12.x.x.x
</Directory>

Reference:
Order Directive
Allow Directive
Deny Directive
Good articel on hotlinking: http://drupal.org/node/82347

Source URL:
http://www.sitebuddy.com/apache/secure_access_order_deny_allow