deny directive

Purpose

The deny directive affects which hosts can access a given directory with a given method.

Scope

This directive is only available within Limit sections.

Syntax

deny from host1 host2 ... hostn

host is one of the following:

A domain name
A domain name, like .ncsa.uiuc.edu, which host names must end in to be denied.
A host name A full host name.
A full IP address
An IP address of a host.
A partial IP address
The first 1-3 bytes of an IP address, for subnet restriction.
Note: This is accomplished by doing a strncmp, so in order to actually match bytes, you need to have the trailing dot, ie: 128.174.5 will match host 128.174.50.7, whereas 128.174.5. will not.
The keyword all
This means that all hosts will be denied.

File

access.conf

Default

The default is to restrict to none.

Example

<Limit GET PUT>
order deny,allow
deny from all
allow from .ncsa.uiuc.edu
</Limit>

For this directory, the server evaluates the deny directive first for the GET and POST methods. So, nobody can read or POST to anything in this directory. It then evaluates the allow directive, and decides to allow clients from .ncsa.uiuc.edu to GET and POST to files here.

Return to access configuration overview

NCSA HTTPd Development Team / httpd@ncsa.uiuc.edu / Last Modified 7-12-95