33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<HTML>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<HEAD>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<TITLE>Access Control by URL</TITLE>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist</HEAD>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<BODY>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<H1>Access Control by URL</H1>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<h2><a name="location">The <code>&lt;Location&gt;</code> Directive</a></h2>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<strong>Syntax:</strong> &lt;Location <em>URL prefix</em>&gt;<br>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<strong>Context:</strong> server config, virtual host<br>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<strong>Status:</strong> core<br>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<p>The &lt;Location&gt; directive provides for access control by

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistURL. It is comparable to the <a

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquisthref="/core.html#directory">&lt;Directory&gt;</a> directive, and

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistshould be matched with a &lt;/Location&gt; directive. Directives that

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistapply to the URL given should be listen

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistwithin. <code>&lt;Location&gt;</code> sections are processed in the

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistorder they appear in the configuration file, after the

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist&lt;Directory&gt; sections and <code>.htaccess</code> files are

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistread.</p>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<p>Note that, due to the way HTTP functions, <em>URL prefix</em>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistshould, save for proxy requests, be of the form <code>/path/</code>,

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistand should not include the <code>http://servername</code>. It doesn't

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistnecessarily have to protect a directory (it can be an individual

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistfile, or a number of files), and can include wild-cards. In a wild-card

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquiststring, `?' matches any single character, and `*' matches any

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistsequences of characters.

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<p>This functionality is especially useful when combined with the

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<code><a href="/mod_mime.html#sethandler">SetHandler</a></code>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistdirective. For example, to enable status requests, but allow them only

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquistfrom browsers at foo.com, you might use:

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist<pre>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist &lt;Location /status&gt;

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist SetHandler server-status

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist <Limit GET>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist order deny,allow

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist deny from all

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist allow from .foo.com

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist </Limit>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist &lt;/Location&gt;

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist</pre>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist</BODY>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist</HTML>

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist

33a28b94ce2e89da8d1ca8d1b7c517907c141606patricklundquist