Default ISPC setting in /etc/apache2/apache2.confapac for web and users webs is:
Options +Includes -Indexes
AllowOverride Indexes AuthConfig Limit FileInfo
Allow from all
<Files ~ "^\.ht">
Deny from all
Which is good for security, because when set to AllowOverride Options, user can run CGI scripts and much more as described in manual http://httpd.apache.org/docs/2.2/mod/core.html#options
But it can be very helpfull allow Overwrite Options Indexes + for users in .htacess files as setting browsable directories handy for every customer is really annoying.
Haven't you guys seens any patch or hack to allow only Options Indexes for users?
I have seen some hosting companies which says that there is Only Options=Indexes allowed for their users so i'm wondering if they are using some own modifications of apache or how they do it
Thanks for any hint
I'm using debian Lenny with latest apache 2.2.9-10+lenny2