Please help! I have a hosted web site and do not have access to the Apache server level or vhost or httpd.conf. I have an .htaccess in my root folder with a mime directive. I have a subfolder called "/secure". In that folder I have another .htaccess file and an .htpasswd file. I also have a page that allows a download of a .msi file once the user registers. I am trying to protect that page from the general user browser while allowing the site navigation to link to the page once the registration POST is completed correctly (driven by a PERL script). However, no matter how I access the page (either through the browser or from the correct navigation using a "Go to download" button), I receive a Windows Secure window requesting a user id and passwrod. If I key in the user id and password, the download window displays. I can't seem to find the combination to allow the page with the button to open the secure page without the Windows Secure window. The .htaccess code in the "/secure" folder is: # Begin password protection # AuthName "Username and password required!" Require valid-user AuthUserFile "/home/users/web/bnnnnnnn/nnnn.nnnnnn/secure/.htpasswd" AuthType Basic Order Deny,Allow Deny from all Allow from localhost Allow from 184.108.40.206 Allow from msprdev.net Allow from paypal.com Allow from google.com Satisfy Any # End password protection # end code- Any suggestions would be most helpful. If I put in the following in any of the two .htaccess files, I receive an Internal Server error. <Directory /home/*> Options All AllowOverride All </Directory> Thanks for your attention.