<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<HTML>

<HEAD>

<TITLE>Access Control by URL</TITLE>

</HEAD>

<BODY>

<H1>Access Control by URL</H1>

<h2><a name="location">The <code>&lt;Location&gt;</code> Directive</a></h2>

<strong>Syntax:</strong> &lt;Location <em>URL prefix</em>&gt;<br>

<strong>Context:</strong> server config, virtual host<br>

<strong>Status:</strong> core<br>

<p>The &lt;Location&gt; directive provides for access control by

URL. It is comparable to the <a

href="mod/core.html#directory">&lt;Directory&gt;</a> directive, and

should be matched with a &lt;/Location&gt; directive. Directives that

apply to the URL given should be listen

within. <code>&lt;Location&gt;</code> sections are processed in the

order they appear in the configuration file, after the

&lt;Directory&gt; sections and <code>.htaccess</code> files are

read.</p>

<p>Note that, due to the way HTTP functions, <em>URL prefix</em>

should, save for proxy requests, be of the form <code>/path/</code>,

and should not include the <code>http://servername</code>. It doesn't

necessarily have to protect a directory (it can be an individual

file, or a number of files), and can include wild-cards. In a wild-card

string, `?' matches any single character, and `*' matches any

sequences of characters.

<p>This functionality is especially useful when combined with the

<code><a href="mod/mod_mime.html#sethandler">SetHandler</a></code>

directive. For example, to enable status requests, but allow them only

from browsers at foo.com, you might use:

<pre>

&lt;Location /status&gt;

SetHandler server-status

order deny,allow

deny from all

allow from .foo.com

&lt;/Location&gt;

</pre>

</BODY>

</HTML>