On Fri, 04 Dec 2009 11:14:38 -0500, vr <debian-user@iotk.net> wrote: > I understand that .htpasswd should reside someplace else and even moved it > to rule this out but is the above not enough on a default installation of > apache2 under lenny to protect a directory? I managed to find my answer: The <directory> /var/www has AllowOverride None which I changed to "All". Sorry for the noise!