Best practices securing HTTP/HTTPS (continued) Watching Your Logs continued... As you can see, the log files only report what already has happened, so if the client had been able to access the .htpasswd file you would have seen something in your Access log similar to: foo.bar.com - - [12/Jul/2005:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" This means you probably commented out the following in your server configuration file: Order allow,deny Deny from all