On 01/04/2016 12:11 AM, Jeroen Roovers wrote:
>
>> Without updating APACHE2_OPTS, websites could end up serving
>> PHP code (include configuration files with passwords)
>> unprocessed to website visitors!
>
> That would mean there is an additional (local) security problem.
>

All PHP applications are written by the sort of people who will tell you to put a config file in the public DocumentRoot, and that's not easy to fix as the system administrator. Those virtual hosts should really really really really really be wrapped in <IfModule> statements.
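
One way to audit for the wrapping this reply recommends, as an added example that is not part of the original message: the script lists virtual hosts that stay active when the PHP module is not loaded. The module identifier `php5_module`, the host names and the paths in the sample are assumptions, and the check does not follow `Include` directives.

```python
import re

# Constructed sample config, not from the original message. The module
# identifier php5_module, host names and paths are assumptions.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName unwrapped.example
    DocumentRoot /var/www/unwrapped/htdocs
</VirtualHost>
<IfModule php5_module>
    <VirtualHost *:80>
        ServerName wrapped.example
        DocumentRoot /var/www/wrapped/htdocs
    </VirtualHost>
</IfModule>
<IfModule !php5_module>
    <VirtualHost *:80>
        ServerName negated.example
    </VirtualHost>
</IfModule>
"""

SECTION = re.compile(r"^<(/?)(\w+)\s*([^>]*)>")

def unguarded_vhosts(conf_text, module="php5_module"):
    """List ServerNames of vhosts not enclosed in a positive <IfModule module>."""
    guards = []    # one bool per open <IfModule>: True if it tests `module`
    vhost = None   # [guarded, server_name] while inside a <VirtualHost>
    findings = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            closing, tag, arg = m.group(1), m.group(2).lower(), m.group(3).strip()
            if tag == "ifmodule" and not closing:
                guards.append(arg == module)  # "!module" is not a guard
            elif tag == "ifmodule" and guards:
                guards.pop()
            elif tag == "virtualhost" and not closing:
                vhost = [any(guards), "<unnamed>"]
            elif tag == "virtualhost" and vhost:
                if not vhost[0]:
                    findings.append(vhost[1])
                vhost = None
        elif vhost:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "servername":
                vhost[1] = parts[1]
    return findings
```

A host inside a negated `<IfModule !...>` block is reported as well, because that block is active exactly when the module is missing.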