I need to block access to all file types except .html, .jpg and .pdf. What I did was add these lines to httpd.conf <FilesMatch "\.*$> Order allow,deny Deny from all </FilesMatch> <FilesMatch "\.(html|jpg|pdf)$"> Order allow,deny Allow from all </FilesMatch> The problem with this is that if a browser does not enter a specific file(eg www. serverurl. comort/ when trying to access www. serverurl. comort /url.html) then their access is forbidden. I need this to be able to server url.html if only a directory is requested, such as: www. serverurl. comort/ will serves www. serverurl. com: port/ url.html www. serverurl. comort/admin/ serves www. serverurl. com: port/ admin/ url.html Also, I have a directory admin and it has a subdirectory private. Admin has user authentication for access (from both secre and nonsecure VirtualHosts) but Private must only be accessible from my secure VirtualHost. If it is requested from my non-secure VirtualHost, it must be denied. I cannot figure that point out. I have denied it from all and only allowed it from my secure VirtualHost, but when I browse to it from nonsecure VirtualHost, I can input a username and password from the Admin folder and I will be allowed access. Any help on those? Disregard the spaces between URLs..