I'm using awstats on debian, so the awstats.pl in in /usr/lib/cgi-bin and the icons in /usr/share/awstats/icon, and both must be served. Using apache, I put both directoris in the same athentication realm, yet with anything I tried so far I always get a series of 401s for each subdirectory in the icon directory. For example, the client authenticates for awstat.pl and /awstatsicons/other; next it gets a 401 when requesting icons for /awstatsicons/clock, and so on for other subdirectories. Here's a typical log file: this is the part I'd expect, one 401 for each Directory, followed by authentication: ip - - [03/Feb/2010:22:08:39 +0100] "GET /awstats/awstats.pl HTTP/1.1" 401 401 "-" ip - user [03/Feb/2010:22:08:44 +0100] "GET /awstats/awstats.pl HTTP/1.1" 200 951 "-" ip - user [03/Feb/2010:22:08:45 +0100] "GET /awstats/awstats.pl?framename=mainleft HTTP/1.1" 200 ip - - [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/other/page.png HTTP/1.1" 401 ip - user [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/other/page.png HTTP/1.1" 200 ip - user [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/other/awstats_logo6.png HTTP/1.1" 200 Code (markup): here's how this continues, and I do not understand why this happens. Each request for another subdirectory of /awstatsicons starts with 401, only after a while it turns into 200. Why doesn't the authentication propagate to all subdirectories immedeatly? ip - - [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/clock/hr1.png HTTP/1.1" 401 401 ip - - [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/clock/hr3.png HTTP/1.1" 401 401 ... ip - user [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/clock/hr5.png HTTP/1.1" 200 ip - user [03/Feb/2010:22:08:45 +0100] "GET /awstatsicons/clock/hr7.png HTTP/1.1" 200 ... ip - - [03/Feb/2010:22:08:46 +0100] "GET /awstatsicons/flags/be.png HTTP/1.1" 401 401 ... ip - user [03/Feb/2010:22:08:46 +0100] "GET /awstatsicons/flags/net.png HTTP/1.1" 200 Code (markup): At the end the browser requests all the icons it received a 401 for again, and receives them succesfully. Also all is fine when refreshing the page. Here's my current apache config: Alias /awstatsclasses "/usr/share/awstats/lib/" Alias /awstatscss "/usr/share/doc/awstats/examples/css/" Alias /awstatsicons "/usr/share/awstats/icon/" ScriptAlias /awstats/ "/usr/lib/cgi-bin/" <Directory /usr/lib/cgi-bin> AddHandler cgi-script .pl Options +ExecCGI +FollowSymLinks Allow from all Require valid-user AuthName "Statistics" AuthUserFile /home/apache/auth/awstatsauth </Directory> <Directory /usr/share/awstats/icon> Options +FollowSymLinks Allow from all Require valid-user AuthName "Statistics" AuthUserFile /home/apache/auth/awstatsauth </Directory> Code (markup): I also tried: - putting a symlink to the icon directoy inside the /usr/lib/cgi and changing the Alias accordingly, same problem - copying entire icon directory into the cgi-bin directory, then it works ok but it's no option. Any help will be greatly appreciated!