hi

This is a minor issue but imho this is not very beautiful:

.inc files should not be shown in browser as raw see http://<ip>/auth.inc.

I know anybody can browse to these files only if authenticated and 
showing them is not a security issue, but there is also no need to show 
include files as raw.

So what about renaming them to .inc.php or let httpd parse .inc as .php 
or deny access to .inc?

Regards
rm