This bit of logic in includes_filter() in mod_include looks
like a security hole:
if (r->method_number != M_GET) {
return ap_pass_brigade(f->next, b);
}
It's possible to see the unparsed content of a file by just POSTing to it...
--Brian
