> I tried to do the deny *.inc but doing so just made it so the browser can't
> even include them. So that won't do the trick.
Uh, what? Aren't these .inc files included by PHP scripts? PHP has no
way of knowing whether you are denying access to them from the httpd.conf
level with a proper deny rule.
For example, I have a site where I want all the *.inc files in my
DocumentRoot directory to be inacessible, but in other directories I want
them to be viewable. So I use a rule like this:
<LocationMatch "^/[^/]*.inc">
Order allow,deny
Deny from all
</LocationMatch>
Works perfectly.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
