7. Order Allow, Deny EXAMPLES | .htaccess Tutorial
Order Allow, Deny Rules
Please Remember these simple Rules:
- IF only 1 directive (Allow, Deny) is matched → the matched directive is honored
- IF no directive (Allow, Deny) matched or both directives (Allow, Deny) matched → the honored directive is the last directive
Also, note that,
- Allow from 174.129.237.157
Deny from 178.137.166.68
is the same with
Deny from 178.137.166.68
Allow from 174.129.237.157
While,
- Order Allow,Deny
is different from
Order Deny,Allow
Note:
- Order Allow,Deny
last directive is Deny
Order Deny,Allow
last directive is Allow
Order Allow, Deny Examples
1. Allow from all
1 2 | Order Allow,Deny |
1 2 | Order Deny,Allow |
Explained:
- requests from any IP match 1 directive, Allow => Allow
2. Deny from all
1 2 | Order Allow,Deny |
1 2 | Order Deny,Allow |
1 | Deny from all |
Explained:
- requests from any IP match 1 directive, Deny => Deny
3. Deny from all, allow from specific IP addresses
1 2 3 4 5 | Order Deny,AllowDeny from all |
Explained:
- requests from Allowed IPs 66.249.79.76, 174.129.237.157... match both directives => last directive honored (see Line1: "Order Deny,Allow") => Allow
- requests from IPs other than Allowed ones match 1 directive, Deny => Deny
4. Deny from specific IP addresses, allow from all
1 2 3 4 5 | Order Allow,Deny |
Explained:
- requests from Allowed IPs 178.137.166.68, 174.129.237.157... match both directives => last directive honored => Deny
- requests from IPs other than Denied ones match 1 directive, Allow => Allow
5. Allow from subnet except 1 IP, deny all others
1 2 3 | Order Allow,Deny |
Explained:
- requests from IP 174.129.237.157 match both directives => last directive honored => Deny
- request from IPs part of the 174.129.0.0/16 other than 174.129.237.157 => match 1 directive, Allow => Allow
- requests from IPs outside the 174.129.0.0/16 subnet match 0 directives => last directive honored => Deny
6. Allow from specific IPs within blocked CIDR ranges, allow everyone else
1 2 3 4 5 6 7 | Order Deny,Allow |
Explained:
- requests from IP 174.129.237.157 match both directives => last directive honored => Allow
- request from IPs part of the 174.129.0.0/16 other than 174.129.237.157 => match 1 directive, Deny => Deny
- requests from IPs outside the 174.129.0.0/16 match 0 directives = last directive honored => Allow