c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<HTML>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<HEAD>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<TITLE>Access Control by URL</TITLE>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw</HEAD>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<BODY>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<H1>Access Control by URL</H1>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<h2><a name="location">The <code>&lt;Location&gt;</code> Directive</a></h2>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<strong>Syntax:</strong> &lt;Location <em>URL prefix</em>&gt;<br>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<strong>Context:</strong> server config, virtual host<br>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<strong>Status:</strong> core<br>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<p>The &lt;Location&gt; directive provides for access control by

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwURL. It is comprable to the <a

91d7f85e02991954d1e1bd44673df567ad8dcc87Gordon Rosshref="/core.html#directory">&lt;Directory&gt;</a> directive, and

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwshould be matched with a &lt;/Location&gt; directive. Directives that

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwapply to the URL given should be listen

91d7f85e02991954d1e1bd44673df567ad8dcc87Gordon Rosswithin. <code>&lt;Location&gt;</code> sections are processed in the

c5c4113dfcabb1eed3d4bdf7609de5170027a794nworder they appear in the configuration file, after the

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw&lt;Directory&gt; sections and <code>.htaccess</code> files are

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwread.</p>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<p>Note that, due to the way HTTP functions, <em>URL prefix</em>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwshould, save for proxy requests, be of the form <code>/path/</code>,

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwand should not include the <code>http://servername</code>. It doesn't

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwneccessarily have to protect a directory (it can be an individual

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwfile, or a number of files), and can include wildcards. In a wildcard

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwstring, `?' matches any single character, and `*' matches any

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwsequences of characters.

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<p>This functionality is especially useful when combined with the

91d7f85e02991954d1e1bd44673df567ad8dcc87Gordon Ross<code><a href="/mod_mime.html#sethandler">SetHandler</a></code>

91d7f85e02991954d1e1bd44673df567ad8dcc87Gordon Rossdirective. For example, to enable status requests, but allow them only

c5c4113dfcabb1eed3d4bdf7609de5170027a794nwfrom browsers at foo.com, you might use:

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw<pre>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw &lt;Location /status&gt;

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw SetHandler server-status

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw <Limit GET>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw order deny,allow

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw deny from all

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw allow from .foo.com

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw </Limit>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw &lt;/Location&gt;

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw</pre>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw</BODY>

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw</HTML>

91d7f85e02991954d1e1bd44673df567ad8dcc87Gordon Ross

c5c4113dfcabb1eed3d4bdf7609de5170027a794nw