4. Order Allow,Deny /Deny,Allow | .htaccess Tutorial
The Order directive indicates the processing order of the Allow, Deny directives.
The Allow directive specifies who is allowed to access the server, while the Deny directive specifies who is denied.
Syntax
1 2 | Order Allow,Deny
Order Deny,Allow |
!!! Rules:
- IF only 1 directive (Allow, Deny) is matched → the matched directive is honored
- IF no directive (Allow, Deny) matched or both directives matched → the honored directive is the last directive
- the Allow, Deny order when preceded by Order directive matters; Allow, Deny lines(statements) order does not matter
Order Allow, Deny directives - Examples
e.g. Test IP / Incoming request from: 174.129.237.157
0 directives matched → the honored directive is the last directive
no directive matched: Deny is honored → 174.129.237.157 access forbidden (403)1 2 3 | Order Allow,Deny Allow from 66.249.79.76 Deny from 178.137.166.68
|
no directive matched: Allow is honored → 174.129.237.157 access allowed (200)1 2 3 | Order Deny,Allow Allow from 66.249.79.76 Deny from 178.137.166.68
|
denies all access: → 174.129.237.157 access forbidden (403)1 | Order Allow,Deny |
allows all access: → 174.129.237.157 access allowed (200)1 | Order Deny,Allow |
1 directive matched → the matched directive is honored
Allow is honored → 174.129.237.157 access allowed (200)1 2 3
| Order Allow,Deny Allow from 66.249.79.76 174.129.237.157 Deny from 178.137.166.68 |
Deny is honored → 174.129.237.157 access forbidden (403)1 2 3
| Order Allow,Deny Allow from 66.249.79.76 Deny from 178.137.166.68 174.129.237.157 |
Deny is honored → denies from all → 174.129.237.157 access forbidden (403)1 2 | Order Deny,Allow Deny from all
|
Deny is honored → denies from all → 174.129.237.157 access forbidden (403)1 2 | Order Allow,Deny Deny from all
|
Allow is honored → allow from all → 174.129.237.157 access allowed (200)1 2 | Order Deny,Allow Allow from all
|
Allow is honored → allow from all → 174.129.237.157 access allowed (200)1 2 | Order Allow,Deny Allow from all
|
2 directives matched → the honored directive is the last directive
both directives matched: Deny is honored → 174.129.237.157 access forbidden (403)1 2 3 | Order Allow,Deny Allow from all Deny from 178.137.166.68 174.129.237.157
|
both directives matched: Allow is honored → 174.129.237.157 access allowed (200)1 2 3 | Order Deny,Allow Allow from 66.249.79.76 174.129.237.157 Deny from all
|