Under Apache 1.2 and above, the Files directive can be used to prevent certain filenames being browsed: eg <Files ~ "\.inc$"> Order allow,deny Deny from all </Files> http://www.apache.org/docs/mod/core.html#files http://www.apache.org/docs/mod/core.html#filesmatch Just seems to me more elegant than associating .inc with a handler. Don't know if there's a similar mechanism under IIS though. vittal -- Vittal Aithal Revolution Ltd <tel: 020 7549 5800> <fax: 020 7549 5801> <[EMAIL PROTECTED]> <http://www.revolutionltd.com/> <[EMAIL PROTECTED]> <http://www.bigfoot.com/~vittal.aithal/> > -----Original Message----- > From: Joshua J. Drake [mailto:[EMAIL PROTECTED]] > > The following is also true for PHP. Naming PHP include files > .inc gives anyone full-read access to the files by simply requesting > them by name. > > The solution of course is to do one of the following: > > a. name php include files with a PHP extension (.php, .php3, etc) that is > associated with PHP parsing them > b. associate .inc files with PHP so that they are parsed and not displayed