Hello, I have the following restriction in place: SetEnvIf X-FORWARDED-FOR ^10.161 let_10161_in SetEnvIf COOKIE ^XSESSION let_xuser_in <Location /> Order Deny,Allow Deny from all Allow from env=let_10161_in Allow from env=let_xuser_in </Location> It basically means users whose X-FORWARDED-FOR contains 10.161 gets in. Also it allows users who have a Cookie "XSESSION" gets in. Now, how do I combine them such that only users with both the conditions set can get in or otherwise Deny access. Meaning, a user has to come from 10.161 and also needs to have a XSESSION cookie set inorder to get access. Can I form such an expression in SetEnvIf ? If so how ? Thank you - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Jignesh Badani --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx