Hello, I'm trying to disable UserDir in Apache 2.0.52 for PCI compliance (they moan about username enumeration). Setting UserDir to 'disable' (or 'disabled') didn't work, nor did uncommenting the line to load mod_userdir. I've also checked that userdir hadn't been compiled in (it hadn't). I've also checked that I'm editing the correct httpd.conf, that no included files are enabling UserDIr, that Apache really did restart etc etc. Here's what I'm seeing: telnet x.x.x.x 80 Escape character is '^]'. GET /~root HTTP/1.1 Host: x.x.x.x HTTP/1.1 301 Moved Permanently Date: Sun, 23 Jan 2011 22:10:58 GMT Server: Apache Location: http://x.x.x.x/~root/ Content-Length: 302 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://x.x.x.x/~root/">here</a>.</p> <hr> <address>Apache Server at x.x.x.x Port 80</address> </body></html> Code (markup): If I request /~nosuchuser instead, I get: HTTP/1.1 404 Not Found Date: Sun, 23 Jan 2011 21:43:54 GMT Server: Apache Content-Length: 286 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /~nosuchuser was not found on this server.</p> <hr> <address>Apache Server at x.x.x.x Port 80</address> </body></html> Code (markup): So the problem is still there. Could this behavior be down to something other than UserDir ? Any other advice please?