Currently 3.0.1.3 there is a .htaccess file in /stats/ of every web site. Here is the contents: Code: AuthType Basic AuthName "Members Only" AuthUserFile /var/www/clients/clientX/webYY/.htpasswd_stats <limit GET PUT POST> require valid-user </limit> Why <Limit> is used? Should not be there just a plain "require valid-user" directive? What if Apache has some other modules which implement HTTP methods which could be used to get the stats?
