deny


Syntax: deny from host host ...
Context: directory, .htaccess
Override: Limit
Status: Base
Module: mod_access

The deny directive affects which hosts can access a given directory. Host is one of the following:

all
all hosts are denied access
A (partial) domain-name
host whose name is, or ends in, this string are denied access.
A full IP address
An IP address of a host denied access
A partial IP address
The first 1 to 3 bytes of an IP address, for subnet restriction.
A network/netmask pair (Apache 1.3 and later)
A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction. (i.e., 10.1.0.0/255.255.0.0)
A network/nnn CIDR specification (Apache 1.3 and later)
Similar to the previous case, except the netmask consists of nnn high-order 1 bits. (i.e., 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0)

Example:

deny from 16

All hosts in the specified network are denied access.

Note that this compares whole components; bar.edu would not match foobar.edu.

See also allow and order.

Syntax: deny from env=variablename
Context: directory, .htaccess
Override: Limit
Status: Base
Module: mod_access
Compatibility: Apache 1.2 and above

The deny from env directive controls access to a directory by the existence (or non-existence) of an environment variable.

Example:

BrowserMatch ^BadRobot/0.9 go_away
<Directory /docroot>
    order allow,deny
    allow from all
    deny from env=go_away
</Directory>
In this case browsers with the user-agent string BadRobot/0.9 will be denied access, and all others will be allowed.

See also allow from env and order.