[EMAIL PROTECTED] (Rob Giseburt) wrote:
>Are .htaccess files secure? I don't want users to be able to use
><perl>...</perl> sections or any other mod_perl constructs (setting scripts
>to run via the Registry, for example) in .htaccess files. However, I need
>..htaccess files turned on so users can password protect directories
>site-wide (so I can't shut .htaccess files off completely.)
I assume you need <Perl> sections in your main httpd.conf? If not, you can
just shut it off altogether.
Alternatively, you might want to shut it off and use a templating system to
generate your httpd.conf file(s) so they don't have <Perl> sections in them.
>One extra question: Can I turn on mod_perl SSI and have normal SSI calls at
>the same time? In other words, can I have one page (file.pshtml maybe)
>parsed by perl-extended SSI and another (file.shtml) be parsed by normal
>(without perl, mod_ssi?) SSI?
I'm not sure (I think probably not), but you can get the same effect if
you use Apache::SSI for some pages and regular mod_ssi for the others.