docs/manual/mod/mod_authz_host.html.en - httpd - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
 <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
 <!--
         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
               This file is generated from xml source: DO NOT EDIT
         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
       -->
 <title>mod_authz_host - Apache HTTP Server Version 2.4</title>
 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
 <script src="../style/scripts/prettify.min.js" type="text/javascript">
 </script>

 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
 <body>
 <div id="page-header">
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
 <p class="apache">Apache HTTP Server Version 2.4</p>
 <img alt="" src="../images/feather.png" /></div>
 <div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
 <div id="path">
 <a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Modules</a></div>
 <div id="page-content">
 <div id="preamble"><h1>Apache Module mod_authz_host</h1>
 <div class="toplang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
 </div>
 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
 address)</td></tr>
 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authz_host_module</td></tr>
 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authz_host.c</td></tr>
 <tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>The <code>forward-dns</code> provider was added in 2.4.19</td></tr></table>
 <h3>Summary</h3>

     <p>The authorization providers implemented by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> are
     registered using the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
     directive. The directive can be referenced within a
     <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>,
     <code class="directive"><a href="../mod/core.html#files">&lt;Files&gt;</a></code>,
     or <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code> section
     as well as <code><a href="core.html#accessfilename">.htaccess</a>
     </code> files to control access to particular parts of the server.
     Access can be controlled based on the client hostname or IP address.</p>

     <p>In general, access restriction directives apply to all
     access methods (<code>GET</code>, <code>PUT</code>,
     <code>POST</code>, etc). This is the desired behavior in most
     cases. However, it is possible to restrict some methods, while
     leaving other methods unrestricted, by enclosing the directives
     in a <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code> section.</p>
 </div>
 <div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>
 <ul id="topics">
 <li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
 </ul><h3 class="directives">Directives</h3>
 <p>This module provides no
             directives.</p>
 <h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_authz_host">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_authz_host">Report a bug</a></li></ul><h3>See also</h3>
 <ul class="seealso">
 <li><a href="../howto/auth.html">Authentication, Authorization,
     and Access Control</a></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
 <li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>

     <p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
     directive is used during the authorization phase to ensure that a user is allowed or
     denied access to a resource.  mod_authz_host extends the
     authorization types with <code>ip</code>, <code>host</code>,
     <code>forward-dns</code> and <code>local</code>.
     Other authorization types may also be
     used but may require that additional authorization modules be loaded.</p>

     <p>These authorization providers affect which hosts can
     access an area of the server. Access can be controlled by
     hostname, IP Address, or IP Address range.</p>

     <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported
     within the host require directives.</p>

 <h3><a name="reqip" id="reqip">Require ip</a></h3>

     <p>The <code>ip</code> provider allows access to the server
     to be controlled based on the IP address of the remote client.
     When <code>Require ip <var>ip-address</var></code> is specified,
     then the request is allowed access if the IP address matches.</p>

     <p>A full IP address:</p>

     <pre class="prettyprint lang-config">Require ip 10.1.2.3
 Require ip 192.168.1.104 192.168.1.205</pre>


     <p>An IP address of a host allowed access</p>

     <p>A partial IP address:</p>

     <pre class="prettyprint lang-config">Require ip 10.1
 Require ip 10 172.20 192.168.2</pre>

     <p>The first 1 to 3 bytes of an IP address, for subnet
     restriction.</p>

     <p>A network/netmask pair:</p>

     <pre class="prettyprint lang-config">Require ip 10.1.0.0/255.255.0.0</pre>

     <p>A network a.b.c.d, and a netmask w.x.y.z. For more
     fine-grained subnet restriction.</p>

     <p>A network/nnn CIDR specification:</p>

     <pre class="prettyprint lang-config">Require ip 10.1.0.0/16</pre>

     <p>Similar to the previous case, except the netmask consists of
     nnn high-order 1 bits.</p>

     <p>Note that the last three examples above match exactly the
     same set of hosts.</p>

     <p>IPv6 addresses and IPv6 subnets can be specified as shown
     below:</p>

     <pre class="prettyprint lang-config">Require ip 2001:db8::a00:20ff:fea7:ccea
 Require ip 2001:db8:1:1::a
 Require ip 2001:db8:2:1::/64
 Require ip 2001:db8:3::/48</pre>


     <p>Note: As the IP addresses are parsed on startup, expressions are
     not evaluated at request time.</p>


 <h3><a name="reqhost" id="reqhost">Require host</a></h3>

     <p>The <code>host</code> provider allows access to the server
     to be controlled based on the host name of the remote client.
     When <code>Require host <var>host-name</var></code> is specified,
     then the request is allowed access if the host name matches.</p>

     <p>A (partial) domain-name</p>

     <pre class="prettyprint lang-config">Require host example.org
 Require host .net example.edu</pre>


     <p>Hosts whose names match, or end in, this string are allowed
     access. Only complete components are matched, so the above
     example will match <code>foo.example.org</code> but it will not
     match <code>fooexample.org</code>. This configuration will cause
     Apache to perform a double reverse DNS lookup on the client IP
     address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> directive.  It will do
     a reverse DNS lookup on the IP address to find the associated
     hostname, and then do a forward lookup on the hostname to assure
     that it matches the original IP address.  Only if the forward
     and reverse DNS are consistent and the hostname matches will
     access be allowed.</p>


 <h3><a name="reqfwddns" id="reqfwddns">Require forward-dns</a></h3>

     <p>The <code>forward-dns</code> provider allows access to the server
     to be controlled based on simple host names.  When
     <code>Require forward-dns <var>host-name</var></code> is specified,
     all IP addresses corresponding to <code><var>host-name</var></code>
     are allowed access.</p>

     <p>In contrast to the <code>host</code> provider, this provider does not
     rely on reverse DNS lookups: it simply queries the DNS for the host name
     and allows a client if its IP matches.  As a consequence, it will only
     work with complete host names that can be resolved in DNS, not partial domain names.
     However, as the reverse DNS is not used, and DNS lookups occur at request processing
     time (instead of startup), it will work with clients which use a dynamic DNS service.</p>

     <pre class="prettyprint lang-config">Require forward-dns dynamic.example.org</pre>


     <p>A client the IP of which is resolved from the name
     <code>dynamic.example.org</code> will be granted access.</p>

     <p>The <code>forward-dns</code> provider was added in 2.4.19.</p>


 <h3><a name="reqlocal" id="reqlocal">Require local</a></h3>

     <p>The <code>local</code> provider allows access to the server if any
     of the following conditions is true:</p>

     <ul>
         <li>the client address matches 127.0.0.0/8</li>
         <li>the client address is ::1</li>
         <li>both the client and the server address of the connection are
         the same</li>
     </ul>

     <p>This allows a convenient way to match connections that originate from
     the local host:</p>

     <pre class="prettyprint lang-config">Require local</pre>


 <h3><a name="proxy" id="proxy">Security Note</a></h3>

     <p>If you are proxying content to your server, you need to be aware
     that the client address will be the address of your proxy server,
     not the address of the client, and so using the <code>Require</code>
     directive in this context may not do what you mean. See
     <code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> for one possible solution to this
     problem.</p>


 </div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
 </div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
 <script type="text/javascript"><!--//--><![CDATA[//><!--
 var comments_shortname = 'httpd';
 var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html';
 (function(w, d) {
     if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
         d.write('<div id="comments_thread"><\/div>');
         var s = d.createElement('script');
         s.type = 'text/javascript';
         s.async = true;
         s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
         (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
     }
     else {
         d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
 <p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();
 }
 //--><!]]></script>
 </body></html>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
	<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
	<!--
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	This file is generated from xml source: DO NOT EDIT
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	-->
	<title>mod_authz_host - Apache HTTP Server Version 2.4</title>
	<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
	<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
	<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
	<script src="../style/scripts/prettify.min.js" type="text/javascript">
	</script>

	<link href="../images/favicon.ico" rel="shortcut icon" /></head>
	<body>
	<div id="page-header">
	<p class="menu"><a href="../mod/">Modules</a> \| <a href="../mod/directives.html">Directives</a> \| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> \| <a href="../glossary.html">Glossary</a> \| <a href="../sitemap.html">Sitemap</a></p>
	<p class="apache">Apache HTTP Server Version 2.4</p>
	<img alt="" src="../images/feather.png" /></div>
	<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
	<div id="path">
	<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Modules</a></div>
	<div id="page-content">
	<div id="preamble"><h1>Apache Module mod_authz_host</h1>
	<div class="toplang">
	<p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English"> en </a> \|
	<a href="../fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p>
	</div>
	<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group authorizations based on host (name or IP
	address)</td></tr>
	<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
	<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authz_host_module</td></tr>
	<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authz_host.c</td></tr>
	<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>The <code>forward-dns</code> provider was added in 2.4.19</td></tr></table>
	<h3>Summary</h3>

	<p>The authorization providers implemented by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> are
	registered using the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
	directive. The directive can be referenced within a
	<code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>,
	<code class="directive"><a href="../mod/core.html#files"><Files></a></code>,
	or <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section
	as well as <code><a href="core.html#accessfilename">.htaccess</a>
	</code> files to control access to particular parts of the server.
	Access can be controlled based on the client hostname or IP address.</p>

	<p>In general, access restriction directives apply to all
	access methods (<code>GET</code>, <code>PUT</code>,
	<code>POST</code>, etc). This is the desired behavior in most
	cases. However, it is possible to restrict some methods, while
	leaving other methods unrestricted, by enclosing the directives
	in a <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code> section.</p>
	</div>
	<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>
	<ul id="topics">
	<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
	</ul><h3 class="directives">Directives</h3>
	<p>This module provides no
	directives.</p>
	<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_authz_host">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_authz_host">Report a bug</a></li></ul><h3>See also</h3>
	<ul class="seealso">
	<li><a href="../howto/auth.html">Authentication, Authorization,
	and Access Control</a></li>
	<li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
	<li><a href="#comments_section">Comments</a></li></ul></div>
	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
	<div class="section">
	<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>

	<p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
	directive is used during the authorization phase to ensure that a user is allowed or
	denied access to a resource. mod_authz_host extends the
	authorization types with <code>ip</code>, <code>host</code>,
	<code>forward-dns</code> and <code>local</code>.
	Other authorization types may also be
	used but may require that additional authorization modules be loaded.</p>

	<p>These authorization providers affect which hosts can
	access an area of the server. Access can be controlled by
	hostname, IP Address, or IP Address range.</p>

	<p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported
	within the host require directives.</p>

	<h3><a name="reqip" id="reqip">Require ip</a></h3>

	<p>The <code>ip</code> provider allows access to the server
	to be controlled based on the IP address of the remote client.
	When <code>Require ip <var>ip-address</var></code> is specified,
	then the request is allowed access if the IP address matches.</p>

	<p>A full IP address:</p>

	<pre class="prettyprint lang-config">Require ip 10.1.2.3
	Require ip 192.168.1.104 192.168.1.205</pre>


	<p>An IP address of a host allowed access</p>

	<p>A partial IP address:</p>

	<pre class="prettyprint lang-config">Require ip 10.1
	Require ip 10 172.20 192.168.2</pre>

	<p>The first 1 to 3 bytes of an IP address, for subnet
	restriction.</p>

	<p>A network/netmask pair:</p>

	<pre class="prettyprint lang-config">Require ip 10.1.0.0/255.255.0.0</pre>

	<p>A network a.b.c.d, and a netmask w.x.y.z. For more
	fine-grained subnet restriction.</p>

	<p>A network/nnn CIDR specification:</p>

	<pre class="prettyprint lang-config">Require ip 10.1.0.0/16</pre>

	<p>Similar to the previous case, except the netmask consists of
	nnn high-order 1 bits.</p>

	<p>Note that the last three examples above match exactly the
	same set of hosts.</p>

	<p>IPv6 addresses and IPv6 subnets can be specified as shown
	below:</p>

	<pre class="prettyprint lang-config">Require ip 2001:db8::a00:20ff:fea7:ccea
	Require ip 2001:db8:1:1::a
	Require ip 2001:db8:2:1::/64
	Require ip 2001:db8:3::/48</pre>


	<p>Note: As the IP addresses are parsed on startup, expressions are
	not evaluated at request time.</p>



	<h3><a name="reqhost" id="reqhost">Require host</a></h3>

	<p>The <code>host</code> provider allows access to the server
	to be controlled based on the host name of the remote client.
	When <code>Require host <var>host-name</var></code> is specified,
	then the request is allowed access if the host name matches.</p>

	<p>A (partial) domain-name</p>

	<pre class="prettyprint lang-config">Require host example.org
	Require host .net example.edu</pre>


	<p>Hosts whose names match, or end in, this string are allowed
	access. Only complete components are matched, so the above
	example will match <code>foo.example.org</code> but it will not
	match <code>fooexample.org</code>. This configuration will cause
	Apache to perform a double reverse DNS lookup on the client IP
	address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do
	a reverse DNS lookup on the IP address to find the associated
	hostname, and then do a forward lookup on the hostname to assure
	that it matches the original IP address. Only if the forward
	and reverse DNS are consistent and the hostname matches will
	access be allowed.</p>



	<h3><a name="reqfwddns" id="reqfwddns">Require forward-dns</a></h3>

	<p>The <code>forward-dns</code> provider allows access to the server
	to be controlled based on simple host names. When
	<code>Require forward-dns <var>host-name</var></code> is specified,
	all IP addresses corresponding to <code><var>host-name</var></code>
	are allowed access.</p>

	<p>In contrast to the <code>host</code> provider, this provider does not
	rely on reverse DNS lookups: it simply queries the DNS for the host name
	and allows a client if its IP matches. As a consequence, it will only
	work with complete host names that can be resolved in DNS, not partial domain names.
	However, as the reverse DNS is not used, and DNS lookups occur at request processing
	time (instead of startup), it will work with clients which use a dynamic DNS service.</p>

	<pre class="prettyprint lang-config">Require forward-dns dynamic.example.org</pre>


	<p>A client the IP of which is resolved from the name
	<code>dynamic.example.org</code> will be granted access.</p>

	<p>The <code>forward-dns</code> provider was added in 2.4.19.</p>


	<h3><a name="reqlocal" id="reqlocal">Require local</a></h3>

	<p>The <code>local</code> provider allows access to the server if any
	of the following conditions is true:</p>

	<ul>
	<li>the client address matches 127.0.0.0/8</li>
	<li>the client address is ::1</li>
	<li>both the client and the server address of the connection are
	the same</li>
	</ul>

	<p>This allows a convenient way to match connections that originate from
	the local host:</p>

	<pre class="prettyprint lang-config">Require local</pre>




	<h3><a name="proxy" id="proxy">Security Note</a></h3>

	<p>If you are proxying content to your server, you need to be aware
	that the client address will be the address of your proxy server,
	not the address of the client, and so using the <code>Require</code>
	directive in this context may not do what you mean. See
	<code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> for one possible solution to this
	problem.</p>



	</div>
	</div>
	<div class="bottomlang">
	<p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English"> en </a> \|
	<a href="../fr/mod/mod_authz_host.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p>
	</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
	<script type="text/javascript"><!--//--><![CDATA[//><!--
	var comments_shortname = 'httpd';
	var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html';
	(function(w, d) {
	if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
	d.write('<div id="comments_thread"><\/div>');
	var s = d.createElement('script');
	s.type = 'text/javascript';
	s.async = true;
	s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
	(d.getElementsByTagName('head')[0] \|\| d.getElementsByTagName('body')[0]).appendChild(s);
	}
	else {
	d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
	}
	})(window, document);
	//--><!]]></script></div><div id="footer">
	<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
	<p class="menu"><a href="../mod/">Modules</a> \| <a href="../mod/directives.html">Directives</a> \| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> \| <a href="../glossary.html">Glossary</a> \| <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
	if (typeof(prettyPrint) !== 'undefined') {
	prettyPrint();
	}
	//--><!]]></script>
	</body></html>