Note: This page is primarily geared towards users of the Apache
family of web servers. If you are using Netscape Server or IIS, you
will need to check their documentation for the specifics. Users of
Stronghold and other Apache offspring should be okay.
THE SERVER CONFIGURATION METHOD
To me, the normal way to handle such a matter is from the
server's conf files. To enable SSI, you will have to edit two
files. The location of the files varies from installation to
installation, but you can usually find them under the Apache server's
etc or conf directories.
srm.conf: Uncomment (remove the # sign) the following two lines:
AddType text/html .shtml
AddHandler server-parsed .shtml
access.conf: Find the line that names your Document Root and
modify the Options line to read as follows:
Options Indexes FollowSymLinks Includes
This method instructs the server to parse any page with an
extension of shtml for SSI directives. Therefore, if you want
it to work, you have to name your page page.shtml, not page.html!
After making the changes, you must restart your server for them to
go into effect.
ALLOWING SSI PAGES TO BE YOUR DIRECTORY INDEX PAGE
By default, your default or index page for a directory is usually
set to index.html. In order to be able to also use
index.shtml as a valid index page, modify either your
httpd.conf or srm.conf file's DirectoryIndex
directive to look as follows:
DirectoryIndex index.shtml index.html
Please note that order does matter! If for some reason you want
to also retain your index.html file so outside links are not blown,
place the index.shtml before the index.html. This will direct the
server to use the first item on the line (in this case index.shtml)
as the index file.
You should also be able to place this line in your .htaccess file
if you are unable to edit the master configuration files.
THE DIRECTORY CONFIGURATION METHOD
This method allows you to enable SSI in a particular directory.
It is a popular method for those who do not have permission to
edit the main server configuration files, such as the virtually
hosted crowd. It is also useful if you only want SSI to be enabled
on part of your site.
Your server may not allow you to issue configuration directives
from your directories. Check with your system administrator to
see if your directories have what is called AllowOverride
Options set. If not, kindly ask to have your sysadmin turn
it on for you. (Kind, begging e-mail works best!)
To enable SSI in a given directory, either edit or create a file called
.htaccess, and add the following lines:
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
To enable this feature for your entire site, you only have to add this
.htaccess information in your website's main directory.
THE XBitHack METHOD
Relax, it is not something the family cat brought up after dinner, it
just sounds that bad. The idea is this.....
Let's say you do not want to rename your pages to x.shtml from x.html
because of blowing links, etc. Apache has a nice solution. If your
server allows you to do it (see above begging information), the
XBitHack can be a time saver. All you have to do is set the user's
execute bit on to have the server parse the page. A what?
In Unix, we have what are called file permissions. Normally, a page
you own that is a web page would have permissions such as 644. This
means that you can read and write to the file, and others can only
read it. Nice security feature, huh?
Now, if we set the permission on the file to 744, which is read, write,
and execute for user, and still read only for others, the server will
know to parse the page.
In order to do this, you must add the following line to the .htaccess
file:
XBitHack On
Be Warned! This method does have potential hazards.
- The file will in fact be executable. If you accidentally run it
from the command line, with all the < and > in it, you can
possibly trash your site and spend the rest of the day bringing up
furballs.
- Do not willy nilly set the permissions. If you have a guestbook
script (as an example) that does not filter out SSI directives, your
guestbook becomes a hacker's delight. Only chmod 744 those files you
really want the server to parse.
- For extra safety, do not chmod 744 files ending with
.txt, .jpg, .gif and so on.
Another option is to turn on the XBitHack as follows:
XBitHack Full
Then, use chmod 754 so that the group execute bit is set
as well.
With XBitHack Full and the group execute bit set, the server will
send a Last-Modified header. There are problems with this. If you do
not change your main document often, but do change the text that is
copied in, the browser or proxy server will not know about the
changes and may keep showing a cached copy.
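As an added example (not part of the original page), the shell function below lists every file under a document root that has the user execute bit set, so you can confirm that only the pages you meant to chmod 744 or 754 are affected by the XBitHack. The tag names, the "+W" writable heuristic and the demo file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list files under a document
# root that carry the user-execute bit, which is what XBitHack keys on.

# flag FILE MODE -> succeeds if FILE has all permission bits in MODE set
flag() { [ -n "$(find "$1" -perm "-$2")" ]; }

# audit_xbit DIR prints "TAG path" for every regular file with u+x set:
#   PARSED     .html/.htm, user-execute only (XBitHack On or Full)
#   PARSED+LM  group-execute set too (XBitHack Full sends Last-Modified)
#   REVIEW     other extensions, which the page says not to chmod 744
# "+W" is appended when the file is group- or world-writable (assumed
# heuristic for pages a script such as a guestbook can append to).
audit_xbit() {
    find "$1" -type f -perm -100 | LC_ALL=C sort | while IFS= read -r f; do
        case $f in
            *.html|*.htm)
                tag=PARSED
                if flag "$f" 010; then tag=PARSED+LM; fi ;;
            *)  tag=REVIEW ;;
        esac
        if flag "$f" 020 || flag "$f" 002; then tag="$tag+W"; fi
        echo "$tag $f"
    done
}

# Constructed demo tree, used when no directory is given on the command line.
demo_tree() {
    d=$(mktemp -d)
    for spec in 744:index.html 754:news.html 644:about.html \
                766:guestbook.html 744:notes.txt; do
        : > "$d/${spec#*:}"
        chmod "${spec%%:*}" "$d/${spec#*:}"
    done
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    audit_xbit "$1"
else
    d=$(demo_tree)
    audit_xbit "$d"
    rm -rf "$d"
fi
```

Run it with your document root as the only argument. Any line tagged REVIEW or ending in +W is a file whose execute bit is worth a second look.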