Received: by taz.hyperreal.com (8.8.3/V2.0) id NAA10609;
 Thu, 9 Jan 1997 13:56:55 -0800 (PST)
Received: from nora.pcug.co.uk by taz.hyperreal.com (8.8.3/V2.0) with SMTP id
 NAA10598; Thu, 9 Jan 1997 13:56:49 -0800 (PST)
Received: from imdb.demon.co.uk by nora.pcug.co.uk id aa15862;
          9 Jan 97 21:48 GMT
Date: Thu, 9 Jan 1997 21:42:00 +0000 (GMT)
From: Rob Hartill <robh@imdb.com>
X-Sender: robh@localhost
To: Apache Group <new-httpd@hyperreal.com>
Subject: setting handlers from .htaccess
Message-ID: <Pine.BSF.3.91.970109213711.3503E-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com


A bugs mail user reports that users can invoke the status/info modules
from .htaccess files even though the main server config has "strict"
access permissions based on IP addresses.

Is there any way to prevent these handlers kicking in if .htaccess files
are allowed to map any <File> to the offending handler ?

rob