Hi, I'm currently setting up a simple web server. So far, everything (PHP, MySQL) works very well, but I admit I never gave security that much thought. Time to change that habit. First things first. The RHEL Deployment Guide lists Apache's configuration directives alphabetically. Instead of going through them from A to Z, I'll try to start with what seems more important, and then advance step by step. User apache Group apache As far as I understand, I have to chown all my web content accordingly, so that everything below /var/www/html belongs to apache:apache. Right? cheers, Niki