mod_authz will prevent mod_autoindex from generating a listing of a directory without an index file in certain cases. For security reasons (illegally uploaded files) a generation of the following is performed for all directories: <Directory "/var/www/html/dom.tld/sub"> Require all granted <FilesMatch "\.(php.*|pl|pm|cgi|shtml|phtml|sh)$" > Require all denied </FilesMatch> <Files "address.php"> Require all granted </Files> </Directory> In httpd.conf for the vhosts: DirectoryIndex index.var index.htm index.cgi index.php Options IncludesNOEXEC FollowSymlinks ExecCGI Multiviews <Directory "/var/www/html/don.tld/sub"> Options +Indexes Require all granted </Directory> mod_authz will assume a Require all denied when testing for e.g. index.php, which is not present in the directory, but disallowed by the generated rule. A 403 error will be returned instead of turning over the action to mod_autoindex. There should be no consequences for testing a 'denied' rule against a non-existant file. [Fri Sep 07 22:23:29.769962 2018] [authz_core:error] [pid 25764:tid 140612263212800] AH01630: client denied by server configuration: /var/www/html/dom.tld/sub/index.php [Fri Sep 07 22:23:29.769964 2018] [core:trace3] [pid 25764:tid 140612263212800] request.c(119): auth phase 'check access' gave status 403: /utils/index.php