Can a final "Allow all"
What does "final" mean in this context?
Remember that all those SetEnvIf directives do not, by themselves
, say anything about access. You're just defining an environmental variable that will be used by later Allow or Deny or Require statements. To be fully effective, they should be at the highest possible directory level -- either lying loose in a <VirtualHost> envelope or in the <Directory /> section -- so they will apply to all requests, regardless of what you plan to do with them.
It would be perfectly legimate to have
Allow from env=special_case
in one place, and
Deny from env=special_case
(referring to the very same environmental variable) in a different place. The server doesn't care.*
In general, the essence of a <Files> envelope is to make special rules, whether those are stricter or looser than your default rules. (Let everybody see robots.txt; let nobody see your admin files.) Each new envelope has the potential to override all previous envelopes, where "new" and "previous" mean "in the order that the server meets them".
Now, I know I've asked this before, but are you absolutely
certain you need a <Location> envelope? It seems like borrowing trouble. If there are a few rules that are only meant to apply to specific URLs, and those URLs cannot be made to conform to anything in the (physical) directory structure, you could always do it with a RewriteRule, where the body of the rule lays out the URL. * Can't help thinking this line belongs on a T-shirt.