The Order directive controls the order of access directive processing only within each phase of the server's configuration processing. This implies, for example, that an Allow or Deny directive occurring in a <Location> section will always be evaluated after an Allow or Deny directive occurring in a <Directory> section or .htaccess file, regardless of the setting of the Order directive. Take into account that symbolic links and Alias directives may affect your authentication setup. For example, your restrictions may be bypassed if your access control directives are placed inside a <Location> container but the content is also accessible through additional URL mappings. |