The “allow “and “deny” rules do not need to use the asterisk or question mark wildcards. Instead, they can specifically identify user names. For example, the user’s specified inside the “deny user” tag are restricted to access the pages and the users which are specified inside the “allow user” are allowed to access the page in the code.