Hi, I was wondering if someone could help me out here. I am super-paranoid, so am trying to limit what PHP files can be executed on this server. I have a small list of files that I want to allow. The rest, deny. So I have base rule that denies all php files server-wide: order allow,deny deny from all I want to then allow the execution of a few PHP files in a specific directory: order allow,deny allow from all order allow,deny allow from all This sort of works. My problem is that the ALLOW FROM ALL statements in the above allow anyone in, even if they are denied in the root directory .htaccess, or in the root directory's httpd.conf LIMIT. So that's not what I really want. I just want those 2 php files to be executable IF you're not otherwise locked out elsewhere. Does anyone know how I should configure this to work right? Thanks