Allow Hosts


Description

Specifies hosts which are allowed. In general, if a host has not been specifically denied by a deny directive, it will be allowed. Therefore, this is used to override a deny directive, either in the same limit section, or in a limit section in a parent directory.

Parameters

One or more hosts, each of which may be any one of the following:
all
Any host is allowed.
Domain name
A name that begins with a dot (e.g. .inetmi.com). The server will attempt to match the domain name with the last part of the client's host name. For this to work, Domain name lookup must be configured to get a host name for the client.
Host name
A name that does not begin with a dot (e.g. xyz.inetmi.com). The server will attempt to match the host name exactly with the client's host name. For this to work, Domain name lookup must be configured to get a host name for the client.
Partial IP address
First one to three bytes of an IP address for subnet restriction (e.g. 123.456.789). The server will attempt to match the partial IP address with the first part of the client's IP address. For this to work, Domain name lookup must be configured to get the IP address for the client.
Full IP address
All four bytes of an IP address (e.g. 111.222.333.444). The server will attempt to match the full IP address exactly with the client's IP address. For this to work, Domain name lookup must be configured to get the IP address for the client.

Of the above ways to specify a host, partial and full IP addresses are more secure than host names and domain names. It would be harder for a client to intentionally return a wrong IP address than it would be to return a wrong host name.

In addition to the problems with intentionally wrong host names, it may be that the client returns a wrong host name for other reasons, such as accessing the server through a firewall.

Default If No Entry Found

There is no default for this directive.

Command To Change This Value


File Syntax

allow from host [host] ...

This directive is only valid within a limit section in the directory-based configuration file.

More than one entry may exist in a limit section. If more than one entry is found, it will be as if all hosts on all allow from lines had been listed on the same line.
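
The following is an added example, not code from the server or its documentation. It models the matching rules described above, including the merging of several allow from lines, so an administrator can check which clients a set of entries would cover. The function names, the sample addresses, the octet-by-octet comparison of partial IP addresses and the case-insensitive comparison of names are assumptions.

```python
import re

# One to four dot-separated decimal fields: a partial or full IP address entry.
IP_ENTRY = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}$")

# Constructed sample limit-section content (.inetmi.com is the page's example).
SAMPLE = """\
allow from .inetmi.com 192.0.2
allow from xyz.example.org 198.51.100.7
"""

def parse_allow_lines(limit_section):
    """Merge the hosts of every 'allow from' line into one list."""
    hosts = []
    for line in limit_section.splitlines():
        words = line.split()
        if len(words) >= 3 and [w.lower() for w in words[:2]] == ["allow", "from"]:
            hosts.extend(words[2:])
    return hosts

def entry_matches(entry, client_ip, client_host=None):
    """client_host is None when no host name was obtained for the client."""
    if entry.lower() == "all":
        return True
    if IP_ENTRY.match(entry):
        want = entry.split(".")
        have = client_ip.split(".")
        # Assumption: whole octets are compared, so "192.0.2" does not
        # cover 192.0.20.5 the way a plain string prefix test would.
        return have[:len(want)] == want
    if client_host is None:
        return False  # name entries can never match without a host name
    host = client_host.lower().rstrip(".")
    name = entry.lower()
    if name.startswith("."):
        # Domain name: the leading dot keeps "evilinetmi.com" from matching.
        return host.endswith(name)
    return host == name  # host name: exact match only

def matched_by_allow(limit_section, client_ip, client_host=None):
    """True if any allow entry in the section covers this client."""
    return any(entry_matches(e, client_ip, client_host)
               for e in parse_allow_lines(limit_section))

if __name__ == "__main__":
    print(matched_by_allow(SAMPLE, "203.0.113.9", "www.inetmi.com"))
```
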


Also See