One of the many inconguencies encountered migrating from an Apache2 httpd.conf under RH(FC1) Linux : Code: Scripting is disabled for VHost [ApacheMain], access denied I can't find anywhere in the server/vhost setup that lets me specify a 'scripting enable", or that lets me specify whether or not PHP is activated. Before I'd enabled the ApacheMain on the Default listener, I had run the phpinfo() off the Example vhost, and it worked just fine. So PHP is there, and it works, it's just not there for this ApacheMain migrated config. Other install inconguencies: Allow/Deny were left empty by the install, this apparently implies 'Deny ALL' as the ApacheMain vhost returned only 403 errors default logging places the vhost logs under /var/www/html??? that's like, publishing my access/error logs to the world??? /opt/lsws/conf becomes owned by 'root', but the port-7080 admin listener runs as 'nobody' so all these conf files owned by root are not writable, and that means you set vhost settings over and over banging your head against it because it shows on the admin page as changed, but won't really change until you manually change these conf file and dir ownerships to 'nobody' now that the conf files are owned by 'nobody', any hacker PHP scripts that manage to slip by, eg if the PHP is inadvertently left with SAFE-MODE disabled, can read/write/delete your configuration. Shouldn't config files be owned by root? the default session timeout is way too short; by the time I've read a help page, it's timed out -- where is this set? Maybe the help pages could use a concept index? I eventually re-found this one, under the third admin realm -- which is logical since this only applies to the webmin interface, but it still shouldn't be set on a default as short as 5 minutes. It's also a good thing the install sets it, because the no-value default, according to the help pages, is a scant 1 minute!! somewhat related, what's with the 10-digit random (timestamp?) number on the admin realm? Totally frustrates using Firefox to remember and fill in the admin password and while I can see that as a feature for a site where the admin's desktop machine is an open-access terminal, I'm under Unix, nobody uses my machine (or my browser) unless they have my password, and if they have that, I'm screwed anyway. Since a bug is a feature that cannot be turned off, this seems like a bug.