Here is what I did: mv /var/apache2/2.2/htdocs /var/apache2/2.2/vhosts Each vhosts directory has a subdirectory named htdocs. The htdocs directory should only contain html file and php entry point files. Each PHP files which are later included should be outside the htdocs directory. Specially files with database passwords. Some people could missconfigure apache by a mistake, and then each PHP source file could be read by clients. It would be not possible if outside the htdocs directory, no http client could read. Also the htpasswd file could be put outside etc.
In the httpd.conf I added: # # OpenSolaris virtual hosts # Include /etc/apache2/2.2/vhosts.d/*.conf -- This message posted from opensolaris.org
