Apache, .htaccess: FilesMatch matches URIs or real file names?

This is about Apache, and in particular .htaccess directives.

Let's suppose that /index.htm exists.

I want to have a whitelist of files allowed to be accessed (only .htm), so I've come up with this:

Order deny,allow
Deny from all
<FilesMatch "\.htm$">
  Allow from all
</FilesMatch>

What I see is that when requesting www.domain.com/index.htm all works fine, but when requesting just www.domain.com (empty URI) I get a 403 response (of course I should get the default index.htm instead).

After some testing I've discovered that it's because the empty string is not allowed by FilesMatch, so I'm wondering if I have understood well: [question #1a] can I say that FilesMatch matches the URI and not directly the real开发者_JS百科 filename (the one in the filesystem)?

After this I have tried to rewrite the empty string with:

RewriteEngine on
RewriteRule ^$ index.htm [L]

with no luck, so [question #1b] can I say that FilesMatch denies access before any rewrite or am I doing something wrong?

In the end the only working solution I've come up with is including the empty string in FilesMatch's regexp:

<FilesMatch "(^|\.htm)$">

[question #2] Is this really the best, or even the only way to solve this problem? I can't find my solution around in the web, so I fear I'm doing something wrong from the very beginning...

Thank you!

Regarding your main question and question 1a, FilesMatch matches on file paths, use LocationMatch to match urls.

This is documented here : http://httpd.apache.org/docs/2.0/sections.html#file-and-web

Your question 1b, mod_rewrite can rewrite before authorization start, as stated here : http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#InternalAPI

It's not clear to me why your rewrite rule didn't work, however i usually write :

RewriteRule ^/$ index.htm [L]

IIRC because there is always a "/", both on the server url and inside a folder, but I might be wrong on this point.