Following some discussion on the cobalt-users list, it seems that this problem affects both the Raq2 and Raq3. It likely affects other cobalt products, but I haven't confirmed it. I verified this on my Raq2. By default, raq-hosted sites expose .htaccess files to the world. The configuration files are located in /etc/httpd/conf/. Fix: Add these lines to your access.conf file and restart Apache. (This was taken from my debian install :). # Do not allow retrieval of the override files, # a standard security measure. <Files .htaccess> order allow,deny deny from all </Files> Annoyingly enough, if you modify this file, Cobalt will probably tell you your warranty is void. Interestingly enough, the access.conf file contains the following: # ignore .files #<Files "\.*"> #deny from all #</Files> (Note it is commented out.) Paul
