You can consider also
<Files *.inc>
Order allow,deny
Deny from all
</Files>
<Files> sections are processed in the order they appear in the configuration
file, after the <Directory> sections and .htaccess files are read, but before
<Location> sections. Note that <Files> can be nested inside <Directory> sections
to restrict the portion of the filesystem they apply to.
Regards,
Avetis
Jason Dulberg wrote:
> I have about 20 virtual hosts on my server and all of them have shtml and
> some php files that look to a directory /includes/ which is aliased (in the
> srm.conf file) over to a main includes directory under the root dir.
>
> Alias /includes/ /usr/local/etc/httpd/htdocs/includes/
>
> If I change this alias to a directory above the root dir, I can still view
> all of my .inc files in a browser even if I rename them to .inc.php
>
> These .inc files are just plain text that get included into all .shtml files
> on the virtual hosts.
>
> I tried to do the deny *.inc but doing so just made it so the browser can't
> even include them. So that won't do the trick.
>
> Is there any way that I can make these .inc files not readable by viewing
> them directly in the browser and still be able to include them into
> documents? Same goes for the php config stuff. If I put a config.php script
> above the root, how can I get the php script to read it -- is it the same
> 'ol /usr/etc/httpd/ sort of thing like cgi?
>
> My main concern is to get this stuff more secure while still allowing all of
> the virtual hosts to use the files. The contents of the files isn't exactly
> top secret, its just a matter of a piece of mind.
>
> Any ideas to sort this out are greatly appreciated! Thanks.
> __________________
> Jason Dulberg
> Extreme MTB
> http://extreme.nas.net
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
[EMAIL PROTECTED]
ICT Specialist
UNDP, Armenia
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
