Check "apachectl -S" output in case there is some other virtualhost there getting the requests. That virtualhost as it is should deny access, if it is not, then there is something missing in what you show. Not sure if it may be another virtualhost or another virtualhost and .htaccess, etc. El mar, 20 abr 2021 a las 12:01, Adrian (<adrian@xxxxxxxxxxxxxx.invalid>) escribió: > > using Apache/2.4.38 (Debian) > with Debian-style split config. > > Here are the relevant bits of a vhost. This is > in /etc/apache2/sites-enabled/000-default. > > <VirtualHost *> > ServerName www.example.org > DocumentRoot /var/www/example > CustomLog /var/log/apache2/example/access.log combined > > <Directory "/var/www/example/" > > # DISABLE THE ENTIRE DOCROOT > Require all denied > </Directory> > </VirtualHost> > > I restarted Apache and browsed a page that isn't in cache. It loaded > as normal. > > My real question is that basic file auth is also ignored, but I thought > I'd start simple. > > Things that might be related, to rule them out: > ${APACHE_LOCK_DIR} and ${APACHE_RUN_DIR} are not defined. > > I have the compatibility module loaded, as I migrated from 2.2, but as > far as I can see I have no remaining 2.2 syntax in my config. > > Let me know what else you may need and I'll provide it. > > Thanks > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > -- Daniel Ferradal HTTPD Project #httpd help at Freenode --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx