6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<HTML>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<HEAD>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<TITLE>Access Control by URL</TITLE>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering</HEAD>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<BODY BGCOLOR="white" TEXT="black" LINK="blue" VLINK="navy" ALINK="red">

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<H1 ALIGN="CENTER">Access Control by URL</H1>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<h2><a name="location">The <code>&lt;Location&gt;</code> Directive</a></h2>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<strong>Syntax:</strong> &lt;Location <em>URL prefix</em>&gt;<br>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<strong>Context:</strong> server config, virtual host<br>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<strong>Status:</strong> core<br>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<p>The &lt;Location&gt; directive provides for access control by

6c12b52e19640747e96f89d85422941a23dc6b29Lennart PoetteringURL. It is comparable to the <a

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poetteringhref="mod/core.html#directory">&lt;Directory&gt;</a> directive, and

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poetteringshould be matched with a &lt;/Location&gt; directive. Directives that

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poetteringapply to the URL given should be listen

718db96199eb307751264e4163555662c9a389faLennart Poetteringwithin. <code>&lt;Location&gt;</code> sections are processed in the

718db96199eb307751264e4163555662c9a389faLennart Poetteringorder they appear in the configuration file, after the

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering&lt;Directory&gt; sections and <code>.htaccess</code> files are

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poetteringread.</p>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering<p>Note that, due to the way HTTP functions, <em>URL prefix</em>

718db96199eb307751264e4163555662c9a389faLennart Poetteringshould, save for proxy requests, be of the form <code>/path/</code>,

2d4a39e759c4ab846ad8a546abeddd40bc8d736eLennart Poetteringand should not include the <code>http://servername</code>. It doesn't

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poetteringnecessarily have to protect a directory (it can be an individual

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poetteringfile, or a number of files), and can include wild-cards. In a wild-card

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poetteringstring, `?' matches any single character, and `*' matches any

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poetteringsequences of characters.

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poettering<p>This functionality is especially useful when combined with the

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poettering<code><a href="mod/mod_mime.html#sethandler">SetHandler</a></code>

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poetteringdirective. For example, to enable status requests, but allow them only

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poetteringfrom browsers at foo.com, you might use:

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poettering

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering<pre>

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering &lt;Location /status&gt;

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering SetHandler server-status

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering order deny,allow

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering deny from all

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering allow from .foo.com

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering &lt;/Location&gt;

4e2f8d27781731021aa6b96c0ee18a8966eefe1cLennart Poettering</pre>

a911bb9ab27ac0eb3bbf4e8b4109e5da9b88eee3Lennart Poettering

718db96199eb307751264e4163555662c9a389faLennart Poettering</BODY>

6c12b52e19640747e96f89d85422941a23dc6b29Lennart Poettering</HTML>

718db96199eb307751264e4163555662c9a389faLennart Poettering

718db96199eb307751264e4163555662c9a389faLennart Poettering