Hello, I have an Apache 2.2, PHP 5.3, SuPHP handler web server and my aim is to:
- prevent users/hosted php/js scripts from executing pl, cgi, sh and other possibly dangerous scripts that are not necessary to run PHP web sites
- prevent website visitors from using symlinks to locations outside of their username

In aim to do that I found the following code and included it in all virtualhosts on the server:

    <Directory "/">
    Options -ExecCGI -FollowSymLinks Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
    AllowOverride All
    </Directory>

(BUT I think this code is wrong and at least missing "+" signs, and also I allow all users to override my directives in their .htaccess files.)

So I want to tighten the security and found that other people advise these constructs instead:

    <Directory "/">
    Options +ExecCGI -FollowSymLinks -Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Indexes Limit Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,FollowSymLinks
    </Directory>

or:

    <Directory "/">
    Options +All +ExecCGI -FollowSymLinks +Includes +IncludesNOEXEC -Indexes -MultiViews +SymLinksIfOwnerMatch
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>

(I do not understand how AllowOverride works: I allow override of all, and then what is the use of the Options= while I have already allowed all options overriding by defining AllowOverride All?)

So far this is what I want to use now, and I need to ask for your kind feedback on how to enhance it:

    <Directory "/">
    Options +All +ExecCGI -FollowSymLinks +SymLinksIfOwnerMatch +Includes +IncludesNOEXEC -Indexes -MultiViews
    AllowOverride None Options=Indexes,MultiViews
    </Directory>

I have doubt if I should use Option +All and AllowOverride None.
The third thing is the "-FollowSymLinks +SymLinksIfOwnerMatch", which I assume (if hosted websites like Joomla will work) will need me to adjust all .htaccess files (on a regular basis) not to contain FollowSymLinks in them and contain FollowSymLinksIfOwnerMatch instead, unless I want people to see Error 500.

I want to ask for feedback on how to adjust the above-mentioned code for good security. I am hosting websites which may be hacked, or sites whose owners can abuse the server on purpose, so my aim is highest security. But at the same time I do not want to cause excessive Error 500 for casual CMSs like Wordpress, Joomla, Drupal.

Thank you
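An added example, not part of the original post: a Python audit script for the recurring .htaccess check described above. It lists every `Options` token in hosted .htaccess files that is missing from the `AllowOverride Options=` list and would therefore be rejected with Error 500. The function names, the sample file and the simplified handling of `All` are assumptions of this sketch.

```python
import os
import re
import sys

# An Options directive line as it appears in an .htaccess file.
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample resembling a CMS-shipped .htaccess (not a real file).
SAMPLE = """\
# constructed sample
Options +FollowSymLinks
Options -Indexes
RewriteEngine On
"""

# The Options= list from the last <Directory> block in the post.
ALLOWED = ["Indexes", "MultiViews"]


def disallowed_options(text, allowed):
    """Return [(line_no, token)] for Options tokens not named in `allowed`.

    A token is reported whatever its +/- sign, because removing an option
    also requires that option to be overridable. Simplification (assumed):
    "All" is reported unless listed, so review those hits by hand.
    """
    allowed = {name.lower() for name in allowed}
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = OPTIONS_RE.match(line)
        if not match:
            continue
        for token in match.group(1).split():
            name = token.lstrip("+-").lower()
            if name != "none" and name not in allowed:  # None is always accepted
                hits.append((line_no, token))
    return hits


def scan_tree(root, allowed):
    """Walk `root` and map each offending .htaccess path to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = disallowed_options(handle.read(), allowed)
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    # Usage: python audit_htaccess.py /path/to/hosting/root
    for path, hits in sorted(scan_tree(sys.argv[1], ALLOWED).items()):
        print(path, hits)
```

Run from cron against the hosting root, this shows which sites need their .htaccess adjusted before the tighter `AllowOverride` goes live.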