location.html revision ffeb75f44c82228ec2b18b47722f428b91b191e5
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Access Control by URL</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Access Control by URL</H1>
<H2><A NAME="location">The <CODE>&lt;Location&gt;</CODE> Directive</A></H2>
<A
HREF="mod/directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> &lt;Location <EM>URL prefix</EM>&gt;<BR>
<A
HREF="mod/directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> server config, virtual host<BR>
<A
HREF="mod/directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> core<BR>
<P>The &lt;Location&gt; directive provides for access control by
URL. It is comparable to the <A
HREF="mod/core.html#directory">&lt;Directory&gt;</A> directive, and
should be matched with a &lt;/Location&gt; directive. Directives that
apply to the URL given should be listen
within. <CODE>&lt;Location&gt;</CODE> sections are processed in the
order they appear in the configuration file, after the
&lt;Directory&gt; sections and <CODE>.htaccess</CODE> files are
read.</P>
<P>Note that, due to the way HTTP functions, <EM>URL prefix</EM>
should, save for proxy requests, be of the form <CODE>/path/</CODE>,
and should not include the <CODE>http://servername</CODE>. It doesn't
necessarily have to protect a directory (it can be an individual
file, or a number of files), and can include wild-cards. In a wild-card
string, `?' matches any single character, and `*' matches any
sequences of characters.
<P>This functionality is especially useful when combined with the
<CODE><A HREF="mod/mod_mime.html#sethandler">SetHandler</A></CODE>
directive. For example, to enable status requests, but allow them only
from browsers at foo.com, you might use:
<PRE>
&lt;Location /status&gt;
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from .foo.com
&lt;/Location&gt;
</PRE>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>