Apache Allow/Deny/Order Directives

Last updated:

This is mostly just a helpful note to my future self, but hopefully will help others who are frustrated with the shitty documentation of these Apache directives on the net.

The Allow directive takes an IP address or a hostname, like Allow from The Deny directive does the same thing, but with the word Deny.

If a request matches at least one Allow directive and no Deny directives, it's allowed. If it matches at least one Deny and no Allows, it's denied.

If a request matches at least one of each, or matches none of them, the Order directive determines the default action. Order Deny,Allow allows requests in these two situations, while Order Allow,Deny denies them.

The ordering of these directives has no effect, but traditionally the Order directive is put first, followed by the Allow and Deny ones.

If all you want to do is deny a few IPs, you can get by with just:

Order Deny,Allow
Deny from
Deny from

This'll deny the specific things you want to kill, and then allow everything else by default.

Note to self: NearlyFreeSpeech doesn't allow access control via .htaccess, due to their network architecture. Instead, set them up in the Site tab, under "IP Access Control".

(a limited set of Markdown is supported)