In my apache config I currently have the following settings on an svn/dav folder: <LimitExcept GET PROPFIND OPTIONS REPORT> Require user admin Allow From all </LimitExcept> <Limit GET PROPFIND OPTIONS REPORT> Satisfy any Require valid-user Allow from env=ValidXForward Allow from env=NoXForward </Limit> The XForward env's are calculated to determine where the request is coming from (via the proxy etc). So the idea is that from inside, the env= rules allow all GET/PROPFIND/OPTIONS/REPORT requests from internal IP's with no credentials, and also from outside with valid credentials. This works fine. Other requests (not GET/PROPFIND/OPTIONS/REPORT) only work for user admin. The problem is that when another user is specified, apache returns a 401 and the user gets prompted for different credentials. I don't want this. If the user is a valid user but is not allowed access then I want 403 to be returned and the user to get a DENIED. Does anyone know how to make this happen? Thanks James