I would guess you need a "satisfy any" directive.. but you're not posting how you have things configured... so no se.
<Directory ".../Apache2.2/htdocs"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from #host list# </Directory> This is the following directory directive I want protected if the IP is in allow if not use passwords file <Directory ".../htdocs/secret"> AuthType Basic AuthName "Magicenglish Files" AuthBasicProvider file AuthUserFile ".../passwd/passwords" Require user username Allow from #host list# </Directory> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx