Hey, thanks for the repley back.

The reason why we are doing IP based secuirty instead of passwords is simple. We only want people from those companies accessing the site, if we used passwords they could be simply passed around, we dont want that. We want to control who gets access.

Just wanted to ask you if this looks right before i actually post it live on the production server

This is what the Directory Part of the conf file looks like.

# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

I will change it to this:

# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>

<Directory />
    Options FollowSymLinks
   AllowOverride None
   Order Deny,Allow
   Deny from all
</Directory>

<Directory "/var/www/mysite">
   AllowOverride None
   Order Deny,Allow
   Allow from 127.0.0.1
</Directory>

is this all right ? Do i have to change any thing else ? i have other sites on here which i dont want blocked, just that one site in that directory. My Virtual Hosts look like this if it matters:

#mysite
<VirtualHost 172.16.23.1:80>
ServerName mysite.co.nz
RewriteEngine on
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://www.mysite.co.nz/$1 [NE,R]
</VirtualHost>

<VirtualHost 172.16.23.1:80>
    ServerAdmin developer@mysite.co.nz
    DocumentRoot /var/www/html/mysite
    ServerName www.mysite.co.nz
</VirtualHost>

Also is it possible to choose where the blocked people go ? at the moment they load the fedora test page, i would like to inform them with a message why they arent seeing the site properly.

cheers

rob