dear apache experts: I have some files with specific extensions, say files ending with .password, that should live in my hierarchy, but never be served up by apache2 under any circumstances. is there an obvious way to do this, other than telling apache that there are executable, which means that apache will flunk when it tries to actually execute them? help appreciated. /iaw
in your .htaccess file use <Files *.EXTENSION> order allow,deny deny from all </Files> Code (markup): That will prevent all access to any file with the extension(s) specified. Hope that helps