* typo in the message above. I meant "HTTP 401 instead of HTTP 403". Additionally, I looked at the debug log right now. The thing is that if I will put just Require valid user in the RequireAll section, in the log I would see "denied (no authentocated user yet)". Yet if I will put "Require env SMTH" additionally, apache will check "Require valid user" but then, after it will fail with "denied (no authentocated user yet)", it will also check my second "Require" and will fail just with "denied" and throw HTTP 403. I think this is a bug. Why apache checks for a second Require in RequireAll if the first one failed already? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx