AragonX wrote: > and external users (customers). There are some web applications that I > would like to have available to internal users but require external users > to have a password to access the directory Can you distinguish internal user from external ones? If so, you can use the 'Satisfy' directive to let internal user in without asking for a password. > I'm afraid someone will spoof the IP addresses of the internal network > to bypass this security measure. So, if you don't trust the IP address how do you distinguish the two? Davide -- Linux: Because rebooting is for adding new hardware --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx