Apache Reference: mod_access, Deny

Deny

Deny Access by Host Name or IP Address
Syntax: Deny from source [from source ...]
Example: Deny from all
Since: Apache 1.0

This directive specifies which hosts cannot access a given directory. The argument source can be one of the following: ``all'' to deny access from all hosts; a (partial) domain name to deny access from hosts whose names match, or end in, the specified string; a full IP address (such as ``192.168.1.2'') to deny access from only this particular IP address; a partial IP address (first one to three bytes of an IP address, such as ``192.168.1'') for subnet access restriction; a network/net mask pair (such as ``192.168.==0.0/==255.255.0.0'') for more fine-grained subnet restriction; or a network/CIDR specification (such as ``192.168.0.0/16'') for more fine-grained subnet restriction.

In addition, source can be of the form ``env=variable'', which controls access to a directory through the existence (or nonexistence) of an environment variable named variable. Notice that this directive always compares whole components; hence ``bar.edu'' would not match ``foobar.edu''.