How to Enable
Server Side Includes
on Your
Web Server

Note: This page is primarily geared towards users of the Apache family of web servers.

To me, the
normal way to handle such a matter is from the server's conf files. To enable SSI, you will have to edit two files. The location of the files varies from installation to installation, but you can usually find them under the apache servers etc or conf directories.

srm.conf: Uncomment (remove the # sign) the following two lines:

AddType text/html .shtml
AddHandler server-parsed .shtml

access.conf: Find the line that names your Document Root and modify the OPTIONS line to read as follows:

Options Indexes FollowSymLinks Includes

This method instructs the server to parse any page with an extension of shtml for SSI directives. Therefore, if you want it to work, you have to name your page, page.shtml and not page.html! After making the changes, you must restart your server for them to go into effect.

This method allows you to enable SSI in a particular directory. A popular method for those that do not have the permission to edit the main server configuration files, such as the virtually hosted crowd. It is also useful if you only want SSI to be enabled on part of your site.

Your server may not allow you to issue configuration directives from your directories. Check with your system administrator to see if your directories have what is called AllowOverride Options set. If not, kindly ask to have your sysadmin turn it on for you. (Kind, begging e-mail works best!)

To enable SSI in a given directory, either edit or create a file called .htaccess, and add the following line:

AddType text/x-server-parsed-html .shtml

To enable this feature for your entire site, you only have to add this .htaccess information in your website's main directory.

Relax, it is not something the family cat brought up after dinner, it just sounds that bad. The idea is this.....

Let's say you do not want to rename your pages to x.shtml from x.html because of blowing links, etc. Apache has a nice soution. If your server allows you to do it (see above begging information), the XbitHack can be a time saver. All you have to do is set the user's execute bit on to have the server parse the page. A what?

In unix, we have what are called file permissions. Normally, a page you own that is a web page would have permissions such as 644. This means that you can read and write to the file, and others can only read it. Nice security feature, huh?

Now, if we set the permission on the file to 744, which is read, write, and execute for user, and still read only for others, the server will know to parse the page.

In order to do this, you must add the following line to the .htaccess file:

XBitHack On

Be Warned! This method does have potential hazards.

  • The file will be in fact executable. If you accidently run it from the command line, with all the < and > in it, you can possibly trash your site and spend the rest of the day bringing up furballs.

  • Do not willy nilly set the permissions. If you have a guestbook script (as an example) that does not filter out SSI directives, your guestbook becomes a hacker's delight. Only chmod 744 those files you really want the server to parse.

  • For extra safety, do not chmod 744 files ending with .shtml, .txt, .jpg, .gif and so on.

Another option is to turn on the XbitHack as follows:

XBitHack Full

This will instruct the server to send a Last-Modified header. There are problems with this. If you do not change your main document often, but do change the text that is copied in, the browser or proxy server will not know about the changes. - the ultimate linux source

The Linux Webring [ Prev | Next | Home | Random | List ]