I resolved it yesterday by using one of the first suggestions given. The users all have to authenticate, which is how I discovered the abuse. The mystery problem child did not follow the same naming scheme we had set up for the school. The solution did not work for me though until I added the last "deny from all" line. <Directory "/var/www/html/dans"> AllowOverride All Order deny,allow Allow from x.x.x.x Options +ExecCGI deny from all </Directory> Thanks for the replies _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list