Apache HTTP Server

Access Control by URL

The <Location> Directive

Syntax: <Location URL prefix>
Context: server config, virtual host
Status: core

The <Location> directive provides for access control by URL. It is comparable to the <Directory> directive, and should be matched with a </Location> directive. Directives that apply to the URL given should be listed between them. <Location> sections are processed in the order they appear in the configuration file, after the <Directory> sections and .htaccess files are read.

Note that, due to the way HTTP functions, URL prefix should, save for proxy requests, be of the form /path/, and should not include the http://servername. It doesn't necessarily have to protect a directory (it can be an individual file, or a number of files), and can include wild-cards. In a wild-card string, `?' matches any single character, and `*' matches any sequences of characters.

This functionality is especially useful when combined with the SetHandler directive. For example, to enable status requests, but allow them only from browsers at foo.com, you might use:

    <Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from .foo.com

Apache HTTP Server