This can be quite confusing for newbies. I have only recently got my head around it. I think the connect bug workaround also added confusion to this for me. The default state for Order deny,allow is to allow from all as Alfred has already mentioned. To deny from all without a Deny from all directive is Order allow,deny IMO if you can stick to one variant of the directive ordering in your configuration, you will save yourself some confusion. <Directory "/var/www/manual"> Order deny,allow Allow from 10.254.0.0/24 </Directory> This is redundant and has the same effect as just saying: <Directory "/var/www/manual"> Order deny,allow </Directory> which allows everyone in. To not use the deny from all directive, you would need to do: <Directory "/var/www/manual"> Order allow,deny </Directory> Which would block access to everyone. <Directory "/var/www/manual"> Order allow,deny Allow from 10.254.0.0/24 </Directory> Would then allow access to the LAN network range mentioned. Using <Directory "/var/www/manual"> Order deny,allow Deny from all Allow from 10.254.0.0/24 </Directory> Is another line to type, but reminds oneself that you are actually denying access to everyone, and then only allowing people on that LAN in. HTH Keith --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx