Just to be sure, I think I should clarify something.. When I said, >Well.... Not exactly, at least not on my remaining >RaQ3. I have the following in my access.conf file and >I still can (and do) use .htaccess files to password >protect a few user directories.. > ><Directory /> >Options None >AllowOverride None >AuthFailDelay 2000000 ></Directory>
I wasn't implying that changing this directive in access.conf to what's shown above doesn't work, because it does in regards to this Vuln thing... I was just commenting that I can still use .htaccess files to password protect user's directories with AllowOverride set to None (as well as options). Like I stated, my access.conf file uses the above directive, and when I try to run that SSI script, I just get a clean (blank), white page.. Personally, I'd recommend setting AllowOverride (and options) to None.. -BUT- I don't offer/enable FP on my RaQ3 either, so I don't know if doing so will mess anything up with FP or not..? But you can still use .htaccess files for password protected directories, so I'd guess it would be okay for FP enabled sites as well.. Babbara __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
