On 9/8/2011 12:51 AM, Igor Galić wrote: > > Who knows how many configs we're breaking with that? > Also I don't quite see how it's a security thing, at best "security" > and, for sure, a performance thing (notice: No "")
Good point. In answer to your question, the combination of AddType (e.g. .html to includes-filter) with additional exceptions might circumvent protections which the user anticipated placed on *.html, assuming those were all of the extensions. We see such noise in the php community all of the time, and it is a frequent [and invalid] security report.
