In the first edition of this book we said that if you wrote your httpd.conf file as shown earlier, but also created .../conf/access.conf containing directives as innocuous as:
<Directory /usr/www/APACHE3/site.anon/htdocs/salesmen> </Directory>
security in the salespeople’s site would disappear. This bug seems to have been fixed in Apache v1.3.