I'm running ISPConfig 3 on CentOS 5.X. I have several Web sites served from the same box and want to enable Web directory protection via the .htaccess/.htpasswd mechanism for just one of these sites. I don't want to enable it (or only as a last resort) by global use of .htaccess using AllowOverride in Apache's main httpd.conf file in the /etc/httpd/conf directory. Question: In which Web site (vhost) specific configuration file should I use the AllowOverride directive for it to correctly password protect the Web site's root directory? The .htaccess file will be placed in the root directory of the specific Web site. That is: /var/www/clients/client2/web13/web. However, I've tried changing the AllowOverride directive in several locations without success. As far as I can tell from the httpd.conf file, all of the pre-requisite Apache modules are being loaded via httpd.conf for .htaccess protection to work.