I have someone who is direct linking to my files in a particular directory. I tried to experiment with using .htaccess to deny, but it's not working. I have the following: order allow,deny deny from badguy.com allow from all I also tried reversing the order order deny,allow deny from badguy.com allow from all but when I go to his site, I can still download my files. WHat am I doing wrong? I have the .htaccess file in the directory I want to forbid and at the webroot. This is in a subdomain. (eg. subdomain.mydomain.net) Thanks Edit: I also created a vhost.conf file for the subdomain and put these lines in it: <Directory "/home/httpd/vhosts/<Mydomain>.net/subdomains/<SubdomainName>/httpdocs/*"> order allow,deny deny from badguy.com allow from all </Directory> ran websrvmng, restarted apache and verified the directives were in the list (using Webmin to view them). It still doesn't work e.g., I can still download the files from his site.