> Even though the above entries are there in .htaccess still I am able > to read "site.xml" file. How do I prevent the reading of this file ? .htaccess files are only good if you're allowing them via the AllowOverrides option in your httpd.conf. By default this option is off, and if you have administrative access to the box it should stay that way, as using .htaccess files will cause a (slight) performance hit. You don't really need the satisfy statement there either. I'd create a helpdesk.conf file in /etc/httpd/conf.d/ with: <Directory "/var/www/html/request"> <Files "site.xml"> Order allow,deny Deny from all </Files> #other directory wide modifications, custom 404, etc. </Directory> If all you're protecting is that one file, you don't really need the ~, as that enables full regex matching, which should really be done with FilesMatch Alternatively if you really want to block all xml files, use this: <Files ~ "\.xml$"> -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell