Addendum to my ealier post: Since php and perl and etc etc are all vulnerable, and php files can have many file suffixes beside (.php), perhaps the better <Files> statement would just allow images and deny everything else:
<Files ~ "\.(gif|jpe?g|png)$"> or maybe <FilesMatch "\.(gif|jpe?g|png)$"> You get the idea. tr ------------------------------------------------- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact: [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
