I want to disallow all PHP files except

Hi, I was wondering if someone could help me out here.

I am super-paranoid, so am trying to limit what PHP files can be executed on this server. I have a very small list of files that I want to allow.

So by default, I deny all php files:

<Files ~ “\.(php|php3)$”>
order allow,deny
deny from all
</Files>

I want to then selectively allow the execution of a few PHP files in a specific directory:

<Directory “/var/www/html/forums”>
<Files ~ “forummain.php$”>
order allow,deny
allow from all
</Files>
<Files ~ “index.php$”>
order allow,deny
allow from all
</Files>
</Directory>

My problem is that the ALLOW FROM ALL statements in the above FILE sections allow anyone in, even if they are denied in the root directory .htaccess, or in the root directory’s httpd.conf LIMIT.

I don’t really want to say “Allow ANYONE to access these PHP files”, rather “Allow ANYONE who is otherwise not denied elsewhere access to these PHP files”.

Does anyone know how I should configure this to work right? Is there a way to tweak that initial “deny all PHP files” bit to say “deny all PHP files except for these” ?

Thanks