Supported .htaccess Directives

The following .htaccess directives are supported in this release:

allow

Syntax

Allows from host where:

• host is all, to allow access from all client hosts

• host is all or the last part of a DNS host name

• host is a full or partial IP address

Does not need to be enclosed within a <Limit> or <LimitExcept> range but usually is.

Effect

Allows access to the specified hosts. Normally appears inside a <Limit> range.

deny

Syntax

Deny from host where:

• host is all, to deny access from all client hosts

• host is all or the last part of a DNS host name

• host is a full or partial IP address

Does not need to be enclosed in a <Limit> <LimitExcept> range but usually is.

Effect

Denies access to the specified hosts. Normally appears inside a <Limit> range.

AuthGroupFile

Syntax

AuthGroupFile filename where filename is the name of file containing group definitions in the form: groupname: user user.

Must not appear within a <Limit> or <LimitExcept> range.

Effect

Specifies that the named group file is to be used for any group definitions referenced in a require group directive. Note that if the filename specified in an AuthGroupFile directive is the same as the filename in an AuthUserFile directive, the file is assumed to contain users and groups in the format:

username:DES-encrypted-password:comma-separated-list-of-groups

AuthUserFile

Syntax

AuthUserFile filename where:

• filename is the name of file containing user definitions in the form: username:password

• username is a user login name, and password is the DES-encrypted password.

Must not appear within a <Limit> or <LimitExcept> range.

Effect

Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive.

Note that the use of groups-with-users=yes in the Init fn=htaccess-init directive in obj.conf, or specifying an AuthGroupFile directive with the same filename, causes that file to be assumed to be in the format:

username:DES-encrypted-password:comma-separated-list-of-groups

AuthName

Syntax

AuthName authentication realm where authentication realm is a string identifying an authorization realm to be associated with any request for user authentication.

Must not appear within a <Limit> or <LimitExcept> range.

Effect

The authentication realm string typically appears in the prompt for username and password on the client side. It may affect caching of username and password on the client.

AuthType

Syntax

AuthType Basic. Must not appear within a <Limit> or <LimitExcept> range.

Effect

Specifies the user authentication method as HTTP Basic Authentication, the only method currently supported.

<Limit>

Syntax

<Limit method method ...>

allow, deny, order, or require directives

</Limit>

where method is an HTTP method such as GET, POST, or PUT. Any method that the web server understands can be used here.

Effect

Applies the enclosed directives only for requests using the specified HTTP methods.

<LimitExcept>

Syntax

<LimitExcept method method ...>
allow, deny, order, or require directives
</LimitExcept>

where method is an HTTP method such as GET, POST, or PUT. Any method that the web server understands can be used here.

Effect

Applies the enclosed directives only for requests types not matching the specified HTTP methods.

order

Syntax

Order ordering where ordering is one of:

• allow, deny

• deny, allow

• mutual-failure

Does not need to be enclosed within a <Limit> or <LimitExcept> range, but usually is.

Effect

• allows, denies, evaluates allow directives and then deny directives

• denies, allows, evaluates deny directives and then allow directives

• mutual-failure denies access for a host listed in both allow and deny directives, regardless of their ordering

require

Syntax

• require group groupname groupname

• require user username username

• require valid-user

Does not need to be enclosed within a <Limit> or <LimitExcept> range, but usually is.

Effect

• require group requires the authenticated user to be a member of one of the specified groups.

• require user requires the authenticated user to be one of the specified users.

• require valid-user requires an authenticated user.