Apache prevent access to everything except a single location

I'm trying to block access to everything on a vhost except a single safe-path (and really, everything under it, so /safe-path/item-1, /safe-path/item-2, etc); from reading the docs, it seems that I should be able to do:

<Location />
Order allow,deny
Deny from all
</Location>
<Location /safe-path>
Order allow,deny
Allow from all
</Location>

But this doesn't seem to work; all URLs return a 403. I've tried the other order as well, and it doesn't seem to matter. If there's a "better" solution to the problem I'm trying to solve, I'm open to that as well.

EDIT: After doing some more research, I found Require all denied and Require all granted, which seems to be the 2.4 syntax. However, even setting the blocks to look like this it doesn't seem to work as expected:

<Location "/">
    Require all denied
</Location>
<Location "/safe-path">
    Require all granted
</Location>

I'm getting a 403 on every URL I hit. Even changing the order doesn't seem to make a difference.


Solution 1:

Not sure why it does not work with Require directive, but you can use instead mod_rewrite to acheive what you want.

In this example, I disable (403 Forbidden) everything except queries that start with /projects (tested with an existing folder that has sub directories):

<Directory /my/document/root/path>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/projects
    RewriteRule .* - [F]
</Directory>

Should work the same in a <Location> block.