These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes

UNIX03/Server Side Includes And Script Issues

Classnotes | UNIX03 | RecentChanges | Preferences

No diff available--this is the first major revision. (no other diffs)
Apache provides an excellent feature called Server Side Includes (SSI). SSI allows web-sites to dynamically include content from other web-pages, server side scripts, even underlying system features. Unfortunately, when not treated with care, SSI can be little more than a catastrophy waiting to happen.

SSI is enabled using the Options directive (see also http://httpd.apache.org/docs/mod/core.html#options). In order to allow SSI's of a non-specific nature, you would add the following to your httpd.conf file:

 Options Includes

If you wanted to restrict these includes to non-executable files only (i.e., only other html or shtml files) then you would use:

 Options IncludesNOEXEC?

Whenever you set up the hierarchy for your web-site, pay special attention to the needs of every directory on your server. You will have to determine on a case-by-case basis where to allow includes to take place. Often, system administrators will adhere to the following rule of thumb

  • Allow all SSIs
    • Web-root (/)
    • Any truely necessary SSI location (such as mailing lists, online shopping carts, etc.)

  • Allow only non-executable SSIs
    • Departmental or office homepages (business office, human resources, etc.)
    • Any pages that will consist of largely static documents

  • Allow no SSIs whatsoever
    • Personal homepages


Classnotes | UNIX03 | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited June 14, 2003 12:30 am (diff)
Search:
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.