Controlling access with environment variables – Oracle B12255-01 User Manual

Authentication and Authorization Enforcement

8-8

Oracle HTTP Server Administrator’s Guide

Controlling Access with Environment Variables

You can use arbitrary environment

variables for access control, instead of using IP addresses or domain names. Use
BrowserMatch

and SetEnvIf directives for this type of access control.

Use BrowserMatch when you want to base access on the type of browser used to
send a request. For instance, if you want to allow access only to requests that come
from a Netscape browser, then use the syntax shown in

Example 8–6

:

Example 8–6

Controlling Access with Environment Variables

BrowserMatch ^Mozilla netscape_browser

order deny,allow

deny from all

allow from env=netscape_browser

Use SetEnvIf when you want to base access on header information contained in
the HTTP request. For instance, if you want to deny access from any browsers using
HTTP version 1.0 or earlier, then use the syntax shown in

Example 8–7

:

Example 8–7

Controlling Access with SetEnv

SetEnvIf Request_Protocol ^HTTP/1.1 http_11_ok

order deny,allow

deny from all

allow from env=http_11_ok

Note:

Typically, BrowserMatch and SetEnvIf are not used to

implement security policies. Instead they are used to provide
different handling of requests based on browser types and versions.

See Also:

"Scope of Directives"

on page 2-4