Controlling access with environment variables – Oracle B12255-01 User Manual


Authentication and Authorization Enforcement


Oracle HTTP Server Administrator’s Guide

Controlling Access with Environment Variables

You can use arbitrary environment variables for access control, instead of using IP addresses or domain names. Use BrowserMatch and SetEnvIf directives for this type of access control.

Use BrowserMatch when you want to base access on the type of browser used to send a request. For instance, if you want to allow access only to requests that come from a Netscape browser, then use the syntax shown in Example 8–6:

Example 8–6 Controlling Access with Environment Variables

BrowserMatch ^Mozilla netscape_browser
<Directory /mozilla-area/>
    order deny,allow
    deny from all
    allow from env=netscape_browser
</Directory>

Use SetEnvIf when you want to base access on header information contained in the HTTP request. For instance, if you want to deny access from any browsers using HTTP version 1.0 or earlier, then use the syntax shown in Example 8–7:

Example 8–7 Controlling Access with SetEnv

SetEnvIf Request_Protocol ^HTTP/1.1 http_11_ok
<Directory /http1.1only/>
    order deny,allow
    deny from all
    allow from env=http_11_ok
</Directory>

Note: Typically, BrowserMatch and SetEnvIf are not used to implement security policies. Instead they are used to provide different handling of requests based on browser types and versions.
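
The following Python model is an added example, not code from the Oracle manual or from Oracle HTTP Server. It evaluates the rules of Example 8–6 and Example 8–7 against constructed requests and shows that both variables are derived from values the client supplies, and that ^Mozilla also matches non-Netscape browsers whose User-Agent begins with Mozilla. The request dictionary layout, the function names, and the sample User-Agent strings are assumptions made for the example.

```python
import re

# Simplified model of Example 8-6 and Example 8-7 (constructed for illustration).
# (request attribute, regex, variable set when the regex matches)
RULES = [
    ("User-Agent", r"^Mozilla", "netscape_browser"),   # BrowserMatch ^Mozilla netscape_browser
    ("Request_Protocol", r"^HTTP/1.1", "http_11_ok"),  # SetEnvIf Request_Protocol ^HTTP/1.1 http_11_ok
]
# <Directory> path -> variable named in "allow from env=..."
DIRECTORIES = {"/mozilla-area/": "netscape_browser", "/http1.1only/": "http_11_ok"}


def request_env(request):
    """Return the variables the two directives would set for this request."""
    return {var for attr, pattern, var in RULES
            if re.search(pattern, request.get(attr, ""))}


def allowed(request):
    """Evaluate 'order deny,allow' + 'deny from all' + 'allow from env=VAR'."""
    for prefix, var in DIRECTORIES.items():
        if request["path"].startswith(prefix):
            # 'deny from all' matches every request; under 'order deny,allow'
            # a matching allow overrides it, so access depends only on VAR.
            return var in request_env(request)
    return True  # path is outside both <Directory> blocks in this model


# Constructed sample requests (User-Agent strings are illustrative).
SAMPLES = [
    {"path": "/mozilla-area/index.html", "Request_Protocol": "HTTP/1.1",
     "User-Agent": "Mozilla/4.79 [en] (X11; U; Linux 2.4.18 i686)"},
    {"path": "/mozilla-area/index.html", "Request_Protocol": "HTTP/1.1",
     "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    {"path": "/mozilla-area/index.html", "Request_Protocol": "HTTP/1.1",
     "User-Agent": "Wget/1.8.2"},
    {"path": "/http1.1only/index.html", "Request_Protocol": "HTTP/1.0",
     "User-Agent": "Wget/1.8.2"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        verdict = "allow" if allowed(req) else "deny"
        print(f"{verdict:5}  {req['Request_Protocol']}  {req['User-Agent']}")
```

The second sample is an Internet Explorer style User-Agent, yet it sets netscape_browser, which is why rules like these suit request handling rather than access policy.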

See Also: "Scope of Directives" on page 2-4
