Personally, I would find it confusing to have settings in httpd.conf with different file suffixes controlling whether or not any given application file included the auth.inc file... Even doing it in .htaccess with <Files> seems a bit hackish. Turning auto_prepend on/off seems reasonable. But I'd still just go with editing the files to do require 'auth.inc' and be done with it. You can almost for sure figure out an awk script to put it into the top of every file, and then hand-edit however many should NOT have it. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php