I don't really understand the 'protection' of wa offers in UNIX. I install wa in /usr/local/apache/cgi-bin and the archives is under /usr/local/apache/htdocs/archives. All the archives can be accessed by subscribers ONLY. BUT, you can easily bypass the email/password if you know (or guess) the name of ANY archive, e.g, http://www.anysite.com/archives/test.log0301 or even better http://www.anysite.com/archive/test.html to search the whole list. It didn't offer any .htaccess. I must miss something important, but I could not find it either in manual or LSTSRV-L. Would someone shed a light or confirm that? Thanks. Shinn