lets you filter clients by IP address. denies access by returning a 403 status code allows or denies access based on client IP address A key value list mapping "access" and/or "deny" keys to a list of CIDR addresses or "all". Checks the client IP address agains the rules. Default is to deny all addresses. The most precise matching rule defines the result ("192.168.100.0/24" takes precedence over "192.168.0.0/16"; similar to routing tables); if the same CIDR is in both lists the second action is taken. "all" is a synonym for "0.0.0.0/0" and "::/0", matching all IPv4 and IPv6 addresses. Limit access to clients from the local network. The deny rule isn't strictly required, as the default is to deny anyway. The smaller CIDR strings for the local networks override the global deny rule. setup { module_load "mod_access"; } access.check ( "allow" => ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"), "deny" => ("all") ); Limit access to clients from "192.168.10.0/24", but deny access to "192.168.10.1". As "192.168.10.1" (equivalent to "192.168.10.1/32") is a more precise match it overwrites the allow rule for the subnet "192.168.10.0/24" containing it. setup { module_load "mod_access"; } access.check ( "allow" => ("192.168.10.0/24"), "deny" => ("192.168.10.1") ); url to redirect to if access was denied (not implemented yet) not set *NOT IMPLEMENTED YET* whether to log when access was denied (with log level "info") false