Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_access_module.xml @ 781:1ff2580fd5de
Regenerated.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 11 Dec 2012 08:12:11 +0000 |
parents | 764fbac1b8b4 |
children | d7991f499d9f |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_access_module" link="/en/docs/http/ngx_http_access_module.html" lang="en" rev="1"> <section id="summary"> <para> The <literal>ngx_http_access_module</literal> module allows to limit access to certain client IP addresses. </para> <para> Access can also be limited by <link doc="ngx_http_auth_basic_module.xml">password</link>. Simultaneous limitation of access by address and by password is controlled by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. </para> </section> <section id="example" name="Example Configuration"> <para> <example> location / { deny 192.168.1.1; allow 192.168.1.0/24; allow 10.1.1.0/16; allow 2001:0db8::/32; deny all; } </example> </para> <para> The rules are checked in sequence until the first match is found. In this example, an access is allowed only for IPv4 networks <literal>10.1.1.0/16</literal> and <literal>192.168.1.0/24</literal> excluding the address <literal>192.168.1.1</literal>, and for IPv6 network <literal>2001:0db8::/32</literal>. In case of a lot of rules, the use of the <link doc="ngx_http_geo_module.xml">ngx_http_geo_module</link> module variables is preferable. </para> </section> <section id="directives" name="Directives"> <directive name="allow"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Allows access for the specified network or address. </para> </directive> <directive name="deny"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Denies access for the specified network or address. </para> </directive> </section> </module>