severity wishlist I got it resolved; apparently the rewritemap will not work when globally set in /etc/apache2/httpd.conf (even tho it was being "included") But, I wonder if I am still not setting it right -- it would be nice to check server-wide security 'before' individual vhosts :P Just a thought :)