The following .htaccess directives are supported in this release:
Allows from host where:
host is all, to allow access from all client hosts
host is all or the last part of a DNS host name
host is a full or partial IP address
Does not need to be enclosed within a <Limit> or <LimitExcept> range but usually is.
Allows access to the specified hosts. Normally appears inside a <Limit> range.
Deny from host where:
host is all, to deny access from all client hosts
host is all or the last part of a DNS host name
host is a full or partial IP address
Does not need to be enclosed in a <Limit> <LimitExcept> range but usually is.
Denies access to the specified hosts. Normally appears inside a <Limit> range.
AuthGroupFile filename where filename is the name of file containing group definitions in the form: groupname: user user.
Must not appear within a <Limit> or <LimitExcept> range.
Specifies that the named group file is to be used for any group definitions referenced in a require group directive. Note that if the filename specified in an AuthGroupFile directive is the same as the filename in an AuthUserFile directive, the file is assumed to contain users and groups in the format:
username:DES-encrypted-password:comma-separated-list-of-groups
AuthUserFile filename where:
filename is the name of file containing user definitions in the form: username:password
username is a user login name, and password is the DES-encrypted password.
Must not appear within a <Limit> or <LimitExcept> range.
Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive.
Note that the use of groups-with-users=yes in the Init fn=htaccess-init directive in obj.conf, or specifying an AuthGroupFile directive with the same filename, causes that file to be assumed to be in the format:
username:DES-encrypted-password:comma-separated-list-of-groups
AuthName authentication realm where authentication realm is a string identifying an authorization realm to be associated with any request for user authentication.
Must not appear within a <Limit> or <LimitExcept> range.
The authentication realm string typically appears in the prompt for username and password on the client side. It may affect caching of username and password on the client.
AuthType Basic. Must not appear within a <Limit> or <LimitExcept> range.
Specifies the user authentication method as HTTP Basic Authentication, the only method currently supported.
<Limit method method ...>
allow, deny, order, or require directives
</Limit>
where method is an HTTP method such as GET, POST, or PUT. Any method that the web server understands can be used here.
Applies the enclosed directives only for requests using the specified HTTP methods.
<LimitExcept method method ...> allow, deny, order, or require directives </LimitExcept>
where method is an HTTP method such as GET, POST, or PUT. Any method that the web server understands can be used here.
Applies the enclosed directives only for requests types not matching the specified HTTP methods.
Order ordering where ordering is one of:
allow, deny
deny, allow
mutual-failure
Does not need to be enclosed within a <Limit> or <LimitExcept> range, but usually is.
allows, denies, evaluates allow directives and then deny directives
denies, allows, evaluates deny directives and then allow directives
mutual-failure denies access for a host listed in both allow and deny directives, regardless of their ordering
require group groupname groupname
require user username username
require valid-user
Does not need to be enclosed within a <Limit> or <LimitExcept> range, but usually is.
require group requires the authenticated user to be a member of one of the specified groups.
require user requires the authenticated user to be one of the specified users.
require valid-user requires an authenticated user.