path-element of Denied Paths

 virtual-wildcard-path

Parameters:

virtual-wildcard-path
A path that will be matched against the path specified in the HTTP request. This can contain wildcards as described below. On Windows, slashes or backslashes can be used as path separators.

The available wildcards are:

*
Matches any number of any characters except the path separator: / (UNIX) or \ (Windows).
**
Matches any number of any characters. This can be interpreted as "include subdirectories".

Properties:

Default:
None. Paths which do not match those listed in [Allowed Paths] are denied by default, as if the element ** was specified in the [Denied Paths].
Values:
A list of virtual paths, usually with wildcards, and each optionally with a filesystem path. Requests containing a path which matches one or more of the denied paths are not permitted to proceed, unless there is an [Allowed Paths] rule which is a better match.

Comments:

Entries under [Denied Paths] affect RFA access to normal filesystem files. They do not affect spool, dataset, or COBOL file service operations.

Paths which do not match any of the [Allowed Paths] are denied by default, so [Denied Paths] is only required if you need to block access to some files or directories within an area that is otherwise allowed.

It is common to end a virtual path with * or possibly an expression such as *.txt to indicate it matches all or some files in the target directory. End a virtual path with **, for example **.dat, to include subdirectories.

When multiple allowed and/or denied paths match, the outcome is determined by the best (closest) match. Closeness is determined by how many characters in the source path have to be matched by a wildcard. So, for example, if the paths /top/** and /top/next/** both match, the latter would take precedence, for the allow/deny result and for optional path mapping (for an allowed path).

Example:

[Allowed paths]
/docs/reference/**=/opt/refdocs/public

# Don't permit access to git files
[Denied paths]
/docs/reference/.git*
/docs/reference/**/.git*
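
The following is an added example, not part of the product or its documentation: a small Python model of the best-match rule described above, useful for checking a rule set before deploying it. It assumes / as the only separator and that a deny rule wins when two rules are equally close (the page does not define tie-breaking); the function names are hypothetical.

```python
from functools import lru_cache

def wildcard_cost(pattern, path):
    """Fewest characters of path that wildcards must absorb, or None if no match."""
    @lru_cache(maxsize=None)
    def go(i, j):
        if i == len(pattern):
            return 0 if j == len(path) else None
        if pattern[i] == "*":
            double = pattern.startswith("**", i)   # ** may cross separators
            nxt = i + (2 if double else 1)
            best, k = None, j
            while True:
                rest = go(nxt, k)                  # wildcard absorbs path[j:k]
                if rest is not None and (best is None or rest + k - j < best):
                    best = rest + k - j
                if k == len(path) or (path[k] == "/" and not double):
                    return best                    # single * stops at a separator
                k += 1
        if j < len(path) and pattern[i] == path[j]:
            return go(i + 1, j + 1)
        return None
    return go(0, 0)

def decide(path, allowed, denied):
    """Return (verdict, winning virtual path); no matching rule means deny."""
    candidates = []
    for is_allow, rules in ((False, denied), (True, allowed)):
        for rule in rules:
            virtual = rule.partition("=")[0]       # drop optional filesystem mapping
            cost = wildcard_cost(virtual, path)
            if cost is not None:
                candidates.append((cost, is_allow, virtual))
    if not candidates:
        return ("deny", None)
    # Lowest wildcard cost is the closest match; on a tie, deny sorts first (assumption).
    cost, is_allow, virtual = min(candidates)
    return ("allow" if is_allow else "deny", virtual)

# Rules copied from the example above; the request paths below are constructed.
ALLOWED = ["/docs/reference/**=/opt/refdocs/public"]
DENIED = ["/docs/reference/.git*", "/docs/reference/**/.git*"]

if __name__ == "__main__":
    for p in ("/docs/reference/guide/intro.txt", "/docs/reference/.gitignore",
              "/docs/reference/sub/.gitignore", "/docs/reference/.git/config",
              "/etc/passwd"):
        print(p, "->", decide(p, ALLOWED, DENIED))
```

In this model, which applies the wildcard definitions literally, /docs/reference/.git/config is not matched by either denied rule because * stops at the separator, so the allowed rule wins. Test rules like these against the actual server before relying on them.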