Did you completely flush your browser cache after adding/changing the code?

If the page is successfully loaded by your browser (e.g. from an "allowed" doamin), and you subsequently request it from "a different domain," then your browser will serve the previously-cached version instead of sending the request to your server. If the request isn't sent to the server, then server-side code can have no effect.

Jim

Yes, I did, but it doesn't make any difference. Anyway I don't think the problem is related to that because if I put Allow from 127.0.0.1 or Deny from 127.0.0.1 in my httpd.conf file I just have to restart apache server for every change to get the correct result, there's no need to close browser or flush cache.

Make sure your server has access to a DNS server, and that localhost will be returned if 127.0.0.1 is queried.

Closing the browser generally does not flush the cache. Cached pages will remain until you flush it or delete it, or until some other pages displaces the cache entry based on whatever cache replacement algorithm your particular browser uses, whether that is oldest-entry first, or least-used first.

I'll confess that I've never tried Deny from localhost, so I don't know why this isn't working. As long as you are expecting the Deny to work based on the Remote_Host and not on the HTTP_Referrer, it should work as expected with "real" domains on any server that can make and receive responses to DNS requests.

Jim

Nah,I've checked all what you are saying but it doesn't work...sigh... Well, thanks for your help, anyway. I think I'll try this on another computer to see what happens.