Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To internet.com

Apache HTTPD Links
Apache Project
Apache-Related Projects
The Jakarta Project
Apache Module Registry
Apache XML Project
The Apache Software Foundation
The Apache FAQ
PHP Server Side Scripting
The Java Apache Project
Apache-Perl Integration Project
ApacheCon
  internet.com

Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ECommerce/Marketing
ISP Resources
ASP Resources
Wireless Internet
Downloads
Internet Resources
Internet Lists
International
EarthWeb
Career Resources

Search internet.com
Advertising Info
Corporate Info
Apache Guide: Introduction to Server Side Includes
Jun 12, 2000, 10 :43 UTC (26 Talkback[s]) (23403 reads) (Other stories by Rich Bowen)

By

This is the first of three articles dealing with Server Side Includes, usually called simply SSI. In this article, I'll talk about configuring your server to permit SSI and introduce some basic SSI techniques for adding dynamic content to your existing HTML pages.

In the second article, we'll talk about some of the somewhat more advanced things you can do with SSI, and in the third week, we'll look at the advanced things that can be done with SSI, such as conditional statements in your SSI directives.

What are SSI?

SSI (Server Side Includes) are directives that are placed in HTML pages and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program or other dynamic technology.

The decision of when to use SSI, and when to have your page entirely generated by some program, is usually a matter of how much of the page is static and how much needs to be recalculated every time the page is served. SSI is a great way to add small pieces of information, such as the current time. But if a majority of your page is being generated at the time that it is served, you need to look for some other solution.

Configuring Your Server to Permit SSI

To permit SSI on your server, you must have the following directive either in your httpd.conf file or in a .htaccess file:

     Options +Includes

This tells Apache that you want to permit files to be parsed for SSI directives.

Not just any file is parsed for SSI directives. You have to tell Apache which files should be parsed. There are two ways to do this. You can tell Apache to parse any file with a particular file extension, such as .shtml, with the following directives:

        AddType text/html .shtml
        AddHandler server-parsed .shtml

One disadvantage to this approach is that if you wanted to add SSI directives to an existing page, you would have to change the name of that page, and all links to that page, in order to give it a .shtml extension, so that those directives would be executed.

The other method is to use the XBitHack directive:

        XBitHack on

XBitHack tells Apache to parse files for SSI directives if they have the execute bit set. So, to add SSI directives to an existing page, rather than having to change the file name, you would just need to make the file executable using chmod.

        chmod +x pagename.html

A brief comment about what not to do. You'll occasionally see people recommending that you just tell Apache to parse all .html files for SSI, so that you don't have to mess with .shtml file names. These folks have perhaps not heard about XBitHack. The thing to keep in mind is that, by doing this, you're requiring that Apache read through every single file that it sends out to clients, even if they don't contain any SSI directives. This can slow things down quite a bit and is not a good idea.

Of course, on Windows, there is no such thing as an execute bit to set, so that limits your options a little if you're running Apache on Windows.

Basic SSI Directives

SSI directives have the following syntax:

        <!--#element attribute=value attribute=value ... -->

It is formatted like an HTML comment, so if you don't have SSI correctly enabled, the browser will ignore it, but it will still be visible in the HTML source. If you have SSI correctly configured, the directive will be replaced with the results of the directive.

The element can be one of a number of things, and we'll talk some more about most of these in the next installment of this series. For now, here are some examples of what you can do with SSI.

Today's Date

        <!--#echo var=DATE_LOCAL -->

The echo element just spits out the value of a variable. There are a number of standard variables, which include the whole set of environment variables that are available to CGI programs. Also, you can define your own variables with the set element.

If you don't like the format in which the date gets printed, you can use the config element, with a timefmt attribute, to modify that formatting.

        <!--#config timefmt="%A %B %d, %Y" -->
        Today is <!--#echo var=DATE_LOCAL -->

Modification Date of the File</4>

        This document last modified <!--#flastmod file="index.html" -->

This element is also subject to timefmt format configurations.

Including the Results of a CGI Program

This is one of the more common uses of SSI - to output the results of a CGI program, such as everybody's favorite, a hit counter.

        <!--#exec cgi="/cgi-bin/counter.pl" -->

We'll definately come back to this in another article.

Other Stuff

And, of course, there are a variety of other things that we can do with SSI. I need to leave something to talk about next week. So, next week, we'll have a lot more examples, and talk about some of the more involved things that you will be able to do with SSI.

Rich Bowen is the Director of Web Application Development at The Creative Group and the author of Apache Server Unleashed.

  Current Newswire:
NewsForge: VA spin-off releases first product, aims for profit

Apache 2.0.28 Released as Beta

Covalent Technologies announces industry support for Enterprise Ready Server and Apache 2.0

developer.com: On the Security of PHP, Part 1

Apache/PHP-based Content Management System Release

HyperSpace Communications announces limited release of HyperSpace Accelerator software

Mod_xslt added to Apache Module Registry

SupportWizard broadens Apache support in response to Nimda and Code Red worms

SEWATCH: The Big List of Web Robots

Sun extends SOAP support across Sun ONE integrated product portfolio

  [Home][Top of Page]
Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat  
 Talkback(s) Name  Date
  Security on SSI
Hi,
i am not to close with the matter but i would like to ask
how secure are the SSI on a server? I have try it on my PC
and i notice that i can do anything a nobody user can...
I can and get the password file.
I have also make a ping to some host. Is there a way to have it enabled on your
server and be sure that you are totaly secure & protected from these attacks?


thanx and sorry if i get of the subject.   
  Jun 13, 2000, 10:33:51
  windows 95 sucks
man what i have todo for running includes with the latest version of apache for windows.

i don have internet connection, but what i have to write in tcp/ip and in the *.conf for this.   
  Jun 13, 2000, 19:45:01
  Re: windows 95 sucks
The configuration on Windows will be the same as on Unix for the things specified in these articles. If you want to set up an Apache server on a machine that is not connected to the 'net, you can set ServerName to anything you like (or nothing at all) and it will work just fine. In your browser, connect to http://localhost/ or http://127.0.0.1/ in order to connect to your own server.

--Rich

http://www.apacheunleashed.com/   
  Jun 25, 2000, 20:05:37
  Re: Security on SSI
You can embed directives in a web page to do just about anything - as you observe, anything that the user 'nobody' can do.

There are some security precautions that you can take. Most of them, however, are not related to Apache at all, but are related to how secure your machine is in other ways. That is, if you permit people to log on and create HTML pages, those same people can access information on your server in other ways (easier ways) that doing it through a web page. That is, they can get your password file and ping other hosts directly, rather than going to all the trouble to do it through a web page.

The best thing that you can do with Apache to make this secure is to disable it. The next best things that you can do are 1) set NoExec so that #exec directives are disabled, and 2) make sure that you don't permit random strangers off the net to directly create HTML content for your site. Guestbooks are a big violation of this, for example. If you have a guestbook, have it run out of a database, so that the users are not actually creating HTML pages that can contain SSI directives.

--Rich

http://www.apacheunleashed.com/   
  Jun 25, 2000, 20:10:30
  Apache 1.3.14 on Win98 SSI Does not work
I have followed all of the directions to get SSI to work with my server, however I cannot for the life of me get it to work. According to the config file the module is compiled in already. I have uncommented the required directives and it still produces pages that ignore the includes.

Is there any other considerations that I should be aware of. I am also running a Cold Fusion server as well but the ability to use SSI has intrigued me.

Adrian.   
  Oct 25, 2000, 00:56:09
  Re: Apache 1.3.14 on Win98 SSI Does not work
I'm running Apache 1.3.12 with Jserv 1.1.2 on a Win 98 box.

I can't get SSI to work either. I've made the changes to the httpd.conf file (which seem easy enough) as listed in this article and restarted the server numerous times, but I still can't get the simplest SSI functions to work.

Does anyone else have this problem? Is there a way around it?   
  Nov 2, 2000, 02:08:34
  SSI documentation = awsome

This page was incredibly helpfull. It gave me the exact information I needed to use SSIs effectively. Thanks to Apache for the great program, and to Rich Bowen for the great documentation.   
  Nov 21, 2000, 18:03:27
  Re: Re: Apache 1.3.14 on Win98 SSI Does not work
I have exactly the same experience using Win95. Changed the httpd.conf file as stated and nothing works. Any hints?   
  Nov 29, 2000, 22:33:37
  help

Today is

I tried to put those script on my shtml page, and it only gave me Today is
I did already option +includes at my /home directory
and chmod +x index.shtml

What could I done wrong?
But I didn't do the XBitHack on ?
How can I do that?

  
  Dec 29, 2000, 05:36:00
  Re: Re: Apache 1.3.14 on Win98 SSI Does not work
I failed with 1.3.14 on W2k too!   
  Jan 3, 2001, 11:53:10
  Re: Re: Re: Apache 1.3.14 on Win98 SSI Does not work
I can't get SSI to work on Win '98 any Ideas of how I can get this working? I have tried everything listed above is there anything else or a better way that WORKS?   
  Jan 8, 2001, 04:05:48
  Re: Re: Re: Re: Apache 1.3.14 on Win98 SSI Does not work
If somebody found a way to use SSI under Win98 with Apache 1.3.14, it seems you'll be able to make many people happy around here ;)   
  Jan 13, 2001, 17:18:53
  Apache 1.3.14 on Win98 SSI
I asked how to set that on Usenet and a Rob (a.k.a. Sisysphus) guy gave me the answer!
In my case, I did not put the Options directive in a section.
As I put it into Virtual Hosts, I just put the Options +Includes line.
I had to add this :

Options +Includes

And it worked...

I hope this will help some of you here...

- Sébastien Thüler   
  Jan 14, 2001, 20:04:10
  Re: Re: Re: Re: Re: Apache 1.3.14 on Win98 SSI Does not work
Apache 1.3.14 on W9x and W2k seems that doesn't work with SSI .... hey apache team where is hotfix ?   
  Jan 15, 2001, 13:54:36
  Re: Apache 1.3.14 on Win98 SSI
Boy - I've tried everything (including that) and I'm in agreement with everyone else on this board - it doesn't work under Win32.
I know for a fact the configuration is correct - I've verified it with friends and others running *nix.

Apache team?   
  Jan 17, 2001, 17:52:29
  Correct Procedure for SSI Includes on win9x/NT/2k
you need to add "includes" or "+includes" to the options for the directory.
This means it goes inbetween the and commands where
you have them specified. It is SUPPOSED to affect all dirs if you specify it at
root. It however does not. you need to put it in for each directory.   
  Jan 22, 2001, 11:07:40
  Apache 1.3.14 on RHS Based Mklinux SSI no go.
Hey, ive read the above instructions, as well as all the posts and still have had no luck in enabling SSI in apache 1.3.14. I added the correct options into the directives, plus uncommented the parsing capabilities. No SSI's will work! Help!
  
  Feb 1, 2001, 23:47:30
  Re: Re: Apache 1.3.14 on Win98 SSI Does not work
i have the same problem on my win me server with apache 1.3.17.

i followed all the instructions too but ssi just wont work :(
  
  Feb 7, 2001, 14:19:43
  Re: Re: Apache 1.3.14 on Win98 SSI
I stumbled across this page trying to help a coworker get SSI to work on Windows with Apache 1.3.14. We got it to work about fumbling around a bit.

The problem was the "Options +Includes" directive. The instructions in the Apache documentation are deceptive. You can't just throw that line into the httpd.conf file. We added the "+Includes" in the root Directory block, like this:


Options FollowSymLinks +Includes
AllowOverride None


This got it SSI's to come up just fine. Hope it works for you too.



  
  Feb 21, 2001, 16:44:51
  cgi on other server
I have different servers, which one of them is used to store all the Ads, banners and all stuff (http://ads.joal.net/).

It is used by the other servers, but when I want to "run" the cgi that return the banner code, I got an error (check: http://biblioteca.joal.net/index.shtml), but I am using the same routine on both, working just on the first one.

It is possible to run a cgi on a different server via Shtml?
Any idea of solution?

------
the code on http://ads.joal.net/index.shtml :
<!--# include virtual="/cgi-bin/VirtualShtml.pl?query=void"-->

the code on http://biblioteca.joal.net/index.shtml :
<!--# include virtual="http://ads.joal.net/cgi-bin/VirtualShtml.pl?query=void"-->

(notice that double quote are displayed with a backslage on this page)
------


Atentamente,
Greetings,

J. Alejandro Ceballos Z.
http://www.joal.net/
[email protected]

  
  Feb 28, 2001, 18:34:14
  how can I run php files on Apache?
I'm not very familiar with Apache and want to use it to run a PHP based server side software. How do I configure the Apache to run the PHP files? (currently, what I get when I call a PHP file is the file content)   
  Mar 14, 2001, 21:39:53
  Perl counter with linux
I am attemping to implement a simple counter program written in Perl. The counter should increase by one each time but nothing is ever displayed. Could someone tell where to look for the error ?
  
  Apr 13, 2001, 19:36:38
  Re: Re: Re: Apache 1.3.14 on Win98 SSI
> I stumbled across this page trying to help a coworker get SSI to work on Windows with Apache 1.3.14. We got it to work about fumbling around a bit.
The problem was the "Options +Includes" directive. The instructions in the Apache documentation are deceptive. You can't just throw that line into the httpd.conf file. We added the "+Includes" in the root Directory block, like this:

Options FollowSymLinks +Includes
AllowOverride None

This got it SSI's to come up just fine. Hope it works for you too.



===

Wow, THANKS!

You are right. The documentation on the apache web site is totally misleading, doing things your way it worked for me too ... doing things their way, it didn't work.

I'm using Apache as supplied with RH Linux 6.2 - I think its version 1.3 something.

Sadhu   
  Apr 17, 2001, 16:22:26
  Apache API
Hi,
I would like to monitor my Apache Server (to get information like http traffic, # of clients connected, # of Virtual hosts etc.). I would like to know what are the API available and where I can get these APIs. I would like to do use C programming.

Any body can suggest on this.

rgds,
srini   
  Jun 25, 2001, 07:08:30
  Re: Re: Apache 1.3.14 on Win98 SSI Does not work
Did you restart HTTPD?
  
  Jun 26, 2001, 13:36:00
  Apache proxy to Concord
We are currently implementing Apache web server 1.3.6 on Solaris 7 to act as a proxy server to our concord box (Network Health 4.5). It has been compiled to include the proxy module, and is to be utilised to prevent people from directly connecting to our concord machine. The configuration has been tested to successfully proxy to other web servers that have a standard HTML file as their default web page, yet when configured to point to the concord machine, an Internal 500 error occurs. We believe that this may be due to concord's default page being a shell script (welcome.sh) that dynamically generates the HTML output, and that Apache does not know how to handle this. We also believe that there may need to be a directive of some sort added to the httpd.conf file in Apache.

Regards,

Jody Martins   
  Oct 24, 2001, 13:48:02
  Home | Search Talkbacks | Customize View 
  Top of Page  
Enter your comments below.
Your Name: Your Email Address:


Subject: CC: [will also send this talkback to an E-Mail address]
Comments:

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.
http://www.internet.com/