> You need to read: > http://httpd.apache.org/docs/2.2/sections.html I've read that section and also the section on the order in which the directives are applied, but what I'm seeing doesn't seem to match the documentation, in my opinion. > You'll find that <Directory> automatically protects subdirectories, so you > don't need that <DirectoryMatch> complication. You'll also find that the > order of processing is important. I perhaps hadn't made clear what it was that I'm after: /cgi-bin - open without password protection /cgi-bin/admin - password protected; only user "Swifty" /cgi-bin/anyotherdir - password protected; any user This seems to require at least one wildcard so that the subdirectories are protected without the cgi-bin directory being protected. I couldn't find a way to achieve this with the <Directory> statement. I tried: <Directory /var/www/cgi-bin/*> # Protects cgi-bin as well <Directory /var/www/cgi-bin/?> # Doesn't protect cgi-bin/users <Directory /var/www/cgi-bin/?*> # Protects cgi-bin as well! (how?) <Directory /var/www/cgi-bin/?*/> # Protects cgi-bin as well! (how?) <Directory /var/www/cgi-bin/*/*> # Protects cgi-bin as well! (how?) <Directory /var/www/cgi-bin/?*/*> # Protects just subdirectories, # But overrides admin directory I just cannot see how the statements above marked "how?" can match /var/www/cgi-bin but somehow they do. They all seem to require matching at least one character beyond the end of /var/www/cgi-bin > Replacing the <DirectoryMatch> with <Directory> will probably fix your > main problem as well, since it will cause the second Require directive to > be processed last, overriding the first one, rather than vis-versa. I wish this were so, but I simply cannot find a combination that works. Steve Swift http://www.swiftys.org.uk --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx