Hi,

Our host recently "upgraded" our server. This involved some sort of "in-place migration", meaning the IPs attached to our VPS did not change. However, certain problems have cropped up.

Many of our product pages link to pdf's contained in the store's download folder. But if a link is clicked on, instead of seeing a pdf an error occurs:
Internal Server Error 500

The problem has been tracked to the htaccess in the downloads folder. When it is removed, the links work fine. However, that leaves the folder vulnerable.

Here is the code from the htaccess:
Code:
#
# @copyright Copyright 2003-2011 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 18695 2011-05-04 05:24:19Z drbyte $
#

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
#Require valid-user


###############################
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified. 
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch ".*\.(zip|ZIP|gzip|pdf|PDF|mp3|MP3|swf|SWF|wma|WMA|wmv|WMV|wav|epub)$">
  Order Allow,Deny
  Allow from all
</FilesMatch>

<IfModule mod_headers.c>
  <FilesMatch ".*\.(zip|ZIP|pdf|PDF|mp3|MP3|swf|SWF|wma|WMA|wmv|WMV|wav|epub)$">
    # tell all downloads to automatically be treated as "save as" instead of launching in an application directly
    # ALERT: ForceType requires Apache2 or later. If using older version of Apache, it will need mod_mime installed. Or just comment out the ForceType line below
    # (to disable, just comment the next 2 lines by adding a '#' at the beginning of each):
    # ForceType application/octet-stream
    # Header set Content-Disposition attachment
  </FilesMatch>
</IfModule>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI
Is there something wrong with that?

Or is there some service on the VPS (apache) that needs to be enabled?

Huge thanks in advance for your thoughts!

~Mike