Always check for security updates and bug fixes if you use CGIs developed by other users or outside developers. Poorly updated and improperly implemented or written CGIs can pose significant security threats in your system.
Server-side includes are directives written directly into an HTML page, which the server parses when the page is served to the web client. SSIs can be used to include other files, the output from programs, or environment variables.
You can enable SSI with the xBitHack directive. xBitHack can be set to a value of on or off and can be set in either your configuration file or .htaccess files. If the XBitHack directive is on, it indicates that all files with the user execute bit set should be parsed for SSI directives. This has two main advantages. One is that you don't need to rename a file and change all links to that file simply because you want to add a little dynamic content to it. The other reason is more cosmetic: Users looking at your web content can't tell by looking at the filename that you're generating a page dynamically, so your wizardry is just a tiny bit more impressive.
Another positive side effect of using xBitHack is that it enables you to control how clients should cache your page. Pages containing SSI statements do not usually contain a Lastmodified HTTP header. Therefore, they will not be cached by proxies or web browsers. If you enable XBitHack, the group-execute bit for files control whether a Last-modified header should be generated. It is set to the same value as the last modified time of the file. Be sure to use this only on files that really are supposed to be cached.
Another way to enable SSI is to indicate that files with a certain filename extension (typically .shtml) are to be parsed by the server when they're served. This is accomplished with the following lines in your httpd.conf file:
# To use server-parsed HTML files
#AddType text/html .shtml #AddHandler server-parsed .shtml
If you uncomment the AddType and AddHandler lines, you tell the server to parse all .shtml files for SSI directives.
In addition to these directives, the following directive must be specified for directories in which you want to permit SSI:
This can be set in the server configuration file or in a .htaccess file.
Was this article helpful?