On 2/10/07, ankush grover <ankushcentos at gmail.com> wrote: > I have configured a HelpDesk Ticketing System on Centos4.4. The > problem I am facing is that there is a file called "site.xml" which > contains the information about database connections and I don't want > ppl to be able to read that file through browser. As per the > readme.htm of that software if the below entries will be put in > .htaccess then nobody can read the xml through browser. I am not an apache wiz but have you tried excluding just that file - I think the stanza you posted was trying to block reading of all xml files. Also, how is your top level apache config file set up? Can you use .htaccess files within sections of the same or other sites? I know it is possible to set up your main configuration so that normal users can't override options in lower level config files. -- Cynthia Kiser