SSI - NetLingo The Internet Dictionary: Online Dictionary of Computer and Internet Terms, Acronyms, Text Messaging, Smileys ;-)

Server Side Includes (SSIs)

Print this page

Things to Know about SSIs

  • They cause an extra load on your server
  • Each document sent with an ssi will need a special lookup
  • These documents can be "singled out" with an .shtml extension
  • Your webmaster (if not you) will need to get involved
  • A config file indicates the use of these, by default it is disabled, for NCSA httpd modify srm.conf:
    # ScriptAliased directories
    AddType text/x-server-parsed-html .shtml  (or .html)
    AddType application/x-httpd-cgi .cgi
    
  • Within the that you wish to have includes you will add
    Includes
    or
    IncludesNOEXEC
    

How to create SSIs

  • Although these look like comments - the # differentiates it.
  • You can present information:
    <!--#echo var="DATE_LOCAL"-->
    <!--#echo var="LAST_MODIFIED"-->
    <!--#include file="owner.txt"-->
    
  • You can execute scripts (although this is the most "insecure" part of SSIs)
    <!--#exec cgi="filename.cgi"-->
    
  • filename.cgi is a script that performs some function, it must reside in a designated cgi-bin directory (see webmaster for where that is)

Security Issues with SSIs

  • The exec form of SSIs are a major security hole - process is running as user that runs the web - in most cases root.
  • For NCSA httpd, you can disable them by placing the statement
    Options IncludesNoExec
    
    in access.conf under the directory control area.
  • Don't allow users to have areas where execs can run.


Learn Online Jargon