On Thu, 8 Jul 2010 10:57:23 +0200 Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote: <snip> > > is this in server config or in some virtualhost or directory section? > Is there any <Files> section of the host you are referring to? > </snip> Hello Mark and Matus, Thanks for your responses, the <Files> section is at httpd.conf .I think it would be the best if I show you two files; httpd.conf and a vhost ###### httpd.conf ############### -------------------------------------- # run under this user/group id Include /etc/apache2/uid.conf # - how many server processes to start (server pool regulation) # - usage of KeepAlive Include /etc/apache2/server-tuning.conf # ErrorLog: The location of the error log file. ErrorLog /var/log/apache2/error_log # generated from APACHE_MODULES in /etc/sysconfig/apache2 Include /etc/apache2/sysconfig.d/loadmodule.conf # IP addresses / ports to listen on Include /etc/apache2/listen.conf # predefined logging formats Include /etc/apache2/mod_log_config.conf # generated from global settings in /etc/sysconfig/apache2 Include /etc/apache2/sysconfig.d/global.conf # optional mod_status, mod_info Include /etc/apache2/mod_status.conf Include /etc/apache2/mod_info.conf # optional cookie-based user tracking # read the documentation before using it!! Include /etc/apache2/mod_usertrack.conf # configuration of server-generated directory listings Include /etc/apache2/mod_autoindex-defaults.conf # associate MIME types with filename extensions TypesConfig /etc/apache2/mime.types DefaultType text/plain Include /etc/apache2/mod_mime-defaults.conf # set up (customizable) error responses Include /etc/apache2/errors.conf # global (server-wide) SSL configuration, that is not specific to # any virtual host Include /etc/apache2/ssl-global.conf # forbid access to the entire filesystem by default <Directory /> Options None AllowOverride None Order deny,allow Deny from all </Directory> AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> ### Virtual server configuration #### Include /etc/apache2/vhosts.d/*.conf ````````````````````````````````````````````````````````````` And now here is one vhsost ``````````````````````````````````````````````````` <VirtualHost example.com:80> ServerName http://www.example.com ServerAlias http://example.com ServerAdmin you@xxxxxxxxxxx #don't loose time with IP address lookups HostnameLookups Off # needed for named virtual hosts #UseCanonicalName Off DocumentRoot /srv/www/htdocs/example.com DirectoryIndex index.php ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/" <Directory "/srv/www/htdocs/example.com/"> Options +FollowSymLinks -Indexes # .htaccess slows down apache; only use it when required # AllowOverride All Order allow,deny Allow from all ### Begin: Rewrite stuff ### <IfModule mod_rewrite.c> # Enable URL rewriting RewriteEngine On RewriteBase / # If the file/symlink/directory does not exist => Redirect to index.php # Important note: If you copy/paste this into httpd.conf instead # of .htaccess you will need to add '%{DOCUMENT_ROOT}' left to each # '%{REQUEST_FILENAME}' part. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* index.php [L] ### End: Rewrite stuff ### </IfModule> </Directory> ScriptAlias /awstats /usr/local/awstats/wwwroot/cgi-bin/awstats.pl <Location /awstats> AuthType Basic AuthName "awstats requires a password" AuthUserFile /srv/www/htdocs/example.com/.htpasswd Require valid-user </Location> </VirtualHost> ````````````````````````````````````````````````````````````````` If I visit example.com; I can see the contents of both .htaccess and .htpasswd :-( --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx