BigNoseBird.Com- home Small Logo
The 508 compliant Guide to 
       Big Nose Bird
WARNING: Be very careful editing your server configuration or .htaccess files. Even a minor typographical error can make your site unusable! Always make a backup copy of any file so you can recover quickly.

How to Enable
Server Side Includes
on Your Web Server

Note: This information can also be found in the BigNoseBird Definitive Guide to Server Side Includes. For more information on SSI, please visit that section!
To me, the normal way to handle such a matter is from the server's conf files. To enable SSI, you will have to edit two files. The location of the files varies from installation to installation, but you can usually find them under the apache servers etc or conf directories.
srm.conf: Uncomment (remove the # sign) the following two lines:
AddType text/html .shtml
AddHandler server-parsed .shtml
access.conf: Find the line that names your Document Root and modify the OPTIONS line to read as follows:
Options Indexes FollowSymLinks Includes
This method instructs the server to parse any page with an extension of shtml for SSI directives. Therefore, if you want it to work, you have to name your page, page.shtml and not page.html! After making the changes, you must restart your server for them to go into effect.

This method allows you to enable SSI in a particular directory. A popular method for those that do not have the permission to edit the main server configuration files, such as the virtually hosted crowd. It is also useful if you only want SSI to be enabled on part of your site.

Your server may not allow you to issue configuration directives from your directories. Check with your system administrator to see if your directories have what is called AllowOverride Options set. If not, kindly ask to have your sysadmin turn it on for you. (Kind, begging e-mail works best!)

To enable SSI in a given directory, either edit or create a file called .htaccess, and add the following line:

AddType text/x-server-parsed-html .shtml
To enable this feature for your entire site, you only have to add this .htaccess information in your website's main directory.

Relax, it is not something the family cat brought up after dinner, it just sounds that bad. The idea is this.....

Let's say you do not want to rename your pages to x.shtml from x.html because of blowing links, etc. Apache has a nice soution. If your server allows you to do it (see above begging information), the XbitHack can be a time saver. All you have to do is set the user's execute bit on to have the server parse the page. A what?

In unix, we have what are called file permissions. Normally, a page you own that is a web page would have permissions such as 644. This means that you can read and write to the file, and others can only read it. Nice security feature, huh?

Now, if we set the permission on the file to 744, which is read, write, and execute for user, and still read only for others, the server will know to parse the page.

In order to do this, you must add the following line to the .htaccess file:

XBitHack On
Be Warned! This method does have potential hazards.
  • The file will be in fact executable. If you accidently run it from the command line, with all the < and > in it, you can possibly trash your site and spend the rest of the day bringing up furballs.

  • Do not willy nilly set the permissions. If you have a guestbook script (as an example) that does not filter out SSI directives, your guestbook becomes a hacker's delight. Only chmod 744 those files you really want the server to parse.

  • For extra safety, do not chmod 744 files ending with .shtml, .txt, .jpg, .gif and so on.
Another option is to turn on the XbitHack as follows:
XBitHack Full
This will instruct the server to send a Last-Modified header. There are problems with this. If you do not change your main document often, but do change the text that is copied in, the browser or proxy server will not know about the changes.

Find or Give Help on the BBS
Home Top E-Mail
If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at

Web Builder Network Portal
on the
BigNoseBird Newsletter

Sign up today to receive our low volume newsletter. Tips, tricks, news, and whatever else crosses our minds.
Back Issues
Privacy Statement