W3-Video WEB Tutorials

w3-video.com is a Free eLearning Website with over 500 video tutorials on HTML5, XAMPP, .htaccess, Firefox, Notepad++

.htaccess Tutorial

Home HTML5 XAMPP .htaccess Firefox Notepad++


7. Order Allow, Deny EXAMPLES | .htaccess Tutorial


Share it

Order Allow, Deny Rules

Please Remember these simple Rules:

  1. IF only 1 directive (Allow, Deny) is matched → the matched directive is honored
  2. IF no directive (Allow, Deny) matched or both directives (Allow, Deny) matched → the honored directive is the last directive

Also, note that,

  • Allow from 174.129.237.157
    Deny from 178.137.166.68
    is the same with
    Deny from 178.137.166.68
    Allow from 174.129.237.157

While,

  • Order Allow,Deny
    is different from
    Order Deny,Allow

Note:

  • Order Allow,Deny
    last directive is Deny
    Order Deny,Allow
    last directive is Allow

Order Allow, Deny Examples

1. Allow from all

1
2		Order Allow,Deny
Allow from all
or
1
2		Order Deny,Allow
Allow from all

Explained:

  • requests from any IP match 1 directive, Allow => Allow

2. Deny from all

1
2		Order Allow,Deny
Deny from all
or
1
2		Order Deny,Allow
Deny from all
or simply
1Deny from all

Explained:

  • requests from any IP match 1 directive, Deny => Deny

3. Deny from all, allow from specific IP addresses

1
2
3
4
5		Order Deny,Allow
Deny from all
Allow from 66.249.79.76
Allow from 174.129.237.157
...

Explained:

  • requests from Allowed IPs 66.249.79.76, 174.129.237.157... match both directives => last directive honored (see Line1: "Order Deny,Allow") => Allow
  • requests from IPs other than Allowed ones match 1 directive, Deny => Deny

4. Deny from specific IP addresses, allow from all

1
2
3
4
5		Order Allow,Deny
Allow from all
Deny from 178.137.166.68
Deny from 174.129.237.157
...

Explained:

  • requests from Allowed IPs 178.137.166.68, 174.129.237.157... match both directives => last directive honored => Deny
  • requests from IPs other than Denied ones match 1 directive, Allow => Allow

5. Allow from subnet except 1 IP, deny all others

1
2
3		Order Allow,Deny
Allow from 174.129.0.0/16
Deny from 174.129.237.157

Explained:

  • requests from IP 174.129.237.157 match both directives => last directive honored => Deny
  • request from IPs part of the 174.129.0.0/16 other than 174.129.237.157 => match 1 directive, Allow => Allow
  • requests from IPs outside the 174.129.0.0/16 subnet match 0 directives => last directive honored => Deny

6. Allow from specific IPs within blocked CIDR ranges, allow everyone else

1
2
3
4
5
6
7		Order Deny,Allow
Deny from 174.129.0.0/16
Deny from ...
Deny from ...
...
Allow from 174.129.237.157
...

Explained:

  • requests from IP 174.129.237.157 match both directives => last directive honored => Allow
  • request from IPs part of the 174.129.0.0/16 other than 174.129.237.157 => match 1 directive, Deny => Deny
  • requests from IPs outside the 174.129.0.0/16 match 0 directives = last directive honored => Allow