W3-Video WEB Tutorials

w3-video.com is a Free eLearning Website with over 500 video tutorials on HTML5, XAMPP, .htaccess, Firefox, Notepad++

.htaccess Tutorial

Home HTML5 XAMPP .htaccess Firefox Notepad++


5. SetEnvIf Order Allow Deny | .htaccess Tutorial


Share it

SetEnvIf with Order Allow, Deny directives

The SetEnvIf directive can be used together with:

SetEnvIf with Order Allow, Deny SYNTAX:

1
2		SetEnvIf attribute regex varName=varValue
Allow from env=varName

If the request matches against the attribute that matches against the regex, then the env is set, and you can Allow/Deny based on it.

The attribute can be:

  1. an HTTP request header field:
    • Accept, Accept-Charset, Accept-Encoding, Accept-Language, Host, Range, Referer, User-Agent...
    • a set of request headers specified through a regular expression
  2. one of the followings:
    • Remote_Host, Remote_Addr, Server_Addr, Request_Method, Request_Protocol, Request_URI
  3. the name of an environment variable previousely set by SetEnvIfNoCase directive

The regex is a regular expression; must match against the attribute specified.
The varName is the name of the environment variable, your choice, with optionally a value.

SetEnvIf with Order Allow, Deny Examples

1. attribute is an HTTP request header field

Deny access (403) to Internet Explorer users
1
2		SetEnvIf User-Agent "*.Trident.*$" noIE
Deny from env=noIE
Deny access (403) to all 'ninja' users (request header field modified)
1
2		SetEnvIf User-Agent ninja ninjaout
Deny from env=ninjaout
Allow access (200) to all users coming from Host d0main1.com
1
2		SetEnvIf Host d0main1.com okdom
Allow from env=okdom
Deny access (403) to all users coming from Referer www.domainw.com
1
2		SetEnvIf Referer www.domainw.com noref
Deny from env=noref
Allow access (200) to all users that have the en language set
1
2		SetEnvIf Accept-Language en-US okUS
Allow from env=okUS

2. attribute is one of the followings: Remote_Host, Remote_Addr, Server_Addr, Request_Method, Request_Protocol, Request_URI

Deny access (403) to all users having the Host: 178-137-19-143-Ivv.broadband.kyivstar.net - requires HostnameLookups On
1
2		SetEnvIf Remote_Host 178-137-19-143-Ivv.broadband.kyivstar.net botout
Deny from env=botout
Deny access (403) to all users having the IP: 178.137.19.143
1
2		SetEnvIf Remote_Addr 178.137.19.143 user178
Deny from env=user178
Deny access (403) to referer IP: 178.137.19.143
1
2		SetEnvIf Server_Addr 178.137.19.143 no124referer
Deny from env=no124referer
Deny access (403) to users using POST methode
1
2		SetEnvIf Request_Method POST postforbidden
Deny from env=postforbidden
Deny access (403) to users making requests using HTTP/1.1 Protocol
1
2		SetEnvIf Request_Protocol "HTTP/1.1" protone
Deny from env=protone
Deny access (403) to users requesting index.html URI
1
2		SetEnvIf Request_URI "index.html" notoindexhtml
Deny from env=notoindexhtml

Video demonstration SetEnvIf with Deny directive .htaccess file

SetEnvIf, Deny directives Tutorial

min video details
00:01 SetEnvIf, Deny from env, HTTP request header field (UA) modified
00:09 the syntax is important
01:12 Example: request header field (User-Agent) modified
02:59 User-Agent modified
03:14 Noteserver access: allowed
03:38 Noteserver access: denied
03:48 Server access denied to all User-Agents with a 'ninja' value through .htaccess, directives:SetEnvIf User-Agent ninja ninjaoutDeny from env=ninjaout
04:00 The request matched against theattribute (User-Agent) that matched against the regex (ninja)→ the env was set (ninjaout) and we were able to Deny based on it
04:16 ninja UA removed, Server Access allowed

For more information about the htaccess file, please see the spec: apache.org