Apache 2.2 - is there way how to allow only Options=Indexes f?

[radim_h]

Default ISPC setting in /etc/apache2/apache2.confapac for web and users webs is:
<Directory /var/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>


Which is good for security, because when set to AllowOverride Options, user can run CGI scripts and much more as described in manual http://httpd.apache.org/docs/2.2/mod/core.html#options

But it can be very helpfull allow Overwrite Options Indexes + for users in .htacess files as setting browsable directories handy for every customer is really annoying.

Haven't you guys seens any patch or hack to allow only Options Indexes for users?
I have seen some hosting companies which says that there is Only Options=Indexes allowed for their users so i'm wondering if they are using some own modifications of apache or how they do it
???

Thanks for any hint

I'm using debian Lenny with latest apache 2.2.9-10+lenny2

[falko]

You can use something like this in the Apache Directives field of a web site:

Code:

<Directory /var/www/web1/web>
  Options Indexes
</Directory>

[radim_h]

sorry for bothering, reading Apache manual does the work.
Allowing all Options is not good, then user can run cgi sripts etc..
to allow only indexes it has to look this way:

AllowOverride Indexes AuthConfig Limit FileInfo Options=Indexes

(i have tried this option before, don't understand why it didnt work, probably problem somewhere between keyboard and chair .o) )

list of allowed parameters for Options has to be separated by comma

http://httpd.apache.org/docs/2.2/mod...#allowoverride