====== Access Control Lists ======

Ampache supports internal Access Control Lists, these are IP/DNS based restrictions on different actions and interactions with Ampache. By Default Access Controls lists are turned off in Ampache. In order to turn them on you must modify the /config/ampache.cfg.php and set access_control to true

  ; Use Access List
  ; Toggle this on if you want ampache to pay attention to the access list
  ; and only allow streaming/downloading/xml-rpc from known hosts xml-rpc 
  ; will not work without this on.
  ; NOTE: Default Behavior is DENY FROM ALL
  ; DEFAULT: false
  ;access_control = "false"

The default configuration of Ampache's ACLs when enabled is Deny From All. There are a few different types, and levels 

===== Start IP & End IP =====

This is a range of IP addresses represented by a pair of dotted quad's. This does not have to be within a subnet boundary. Currently only IPV4 is supported.


**Any IP Address**

  0.0.0.0 - 255.255.255.255

**Any 10.x IP Address**

  10.0.0.0 - 10.255.255.255


===== ACL Types =====

  * **Interface** //Access to the web interface//
    * Restricts Login based on IP
    * Defaults to DENY FROM ALL
  * **Streaming** //Controls streaming/downloading access//
    * Restricts access to /play/index.php based on IP + USER
    * Defaults to DENY FROM ALL
  * **Local Network** //Local network ACL//
    * Used by the downsample remote configuration option
    * Tells Ampache which IP addresses should be considered local to the server and which ones are remote
    * Default not applicable 
  * **RPC** //Used to control remote access to your Ampache installation//
    * Remote access to the [[dev:XmlApi|XML API]] 
    * Remote Sync using XML-RPC. 
    * Restricts based on IP + USER + KEY, KEY may not be blank
    * Defaults to DENY FROM ALL

===== ACL Users =====

Ampache allows you to define different ACLs to different users. This can be useful for defining connecting an API calls to a username, or to limiting a specific user's streaming access regardless of their IP Address. The default is 'system' which will apply to all users of Ampache. 

===== Access Levels =====

This setting is not fully implemented, more on this later

===== Setting up an ACL =====

ACl's can only be created by Full Administrators. You can find them under the Admin Menu under the submenu Access Control