I have an Ubuntu 8.04 LTS server that was configured using the HowTo on this site. I also setup and configured Apache mod_security to further protect the webserver. As part of the HowTo, I installed Webalizer for site statistics. Furthermore, I use basic authentication on the webalizer stats directory. When users browse to the webalizer domain (http://stats.example.com), they are prompted with the authentication dialog box. The credentials appear to be accepted, but then a 404 error is returned. So it would appear that DNS is working correctly, the Apache virtual host is working correctly, and the htaccess file is working correctly. I checked the error logs and saw that mod_security is blocking access and generating the 404 error. The message from mod_security in the log is "Statistics Information Leakage". In this case though, I have provided what I feel is enough security on the directory and don't necessarily need mod_security provider further access. Does anyone have a suggestion on how to modify this mod_security rule to allow access to this directory while still protecting others? Thanks.