WARNING: Be very careful editing your server configuration
or .htaccess files. Even a minor typographical error can
make your site unusable! Always make a backup copy of any file so you
can recover quickly.
How to Enable
Server Side Includes
on Your Web Server
THE SERVER CONFIGURATION METHOD
To me, the normal way to handle such a matter is from the
server's conf files. To enable SSI, you will have to edit two
files. The location of the files varies from installation to
installation, but you can usually find them under the apache servers
etc or conf directories.
srm.conf: Uncomment (remove the # sign) the following two lines:
access.conf: Find the line that names your Document Root and
modify the OPTIONS line to read as follows:
Options Indexes FollowSymLinks Includes
This method instructs the server to parse any page with an
extension of shtml for SSI directives. Therefore, if you want
it to work, you have to name your page, page.shtml and not page.html!
After making the changes, you must restart your server for them to
go into effect.
THE DIRECTORY CONFIGURATION METHOD
This method allows you to enable SSI in a particular directory.
A popular method for those that do not have the permission to
edit the main server configuration files, such as the virtually
hosted crowd. It is also useful if you only want SSI to be enabled
on part of your site.
Your server may not allow you to issue configuration directives
from your directories. Check with your system administrator to
see if your directories have what is called AllowOverride
Options set. If not, kindly ask to have your sysadmin turn
it on for you. (Kind, begging e-mail works best!)
To enable SSI in a given directory, either edit or create a file called
.htaccess, and add the following line:
AddType text/x-server-parsed-html .shtml
To enable this feature for your entire site, you only have to add this
.htaccess information in your website's main directory.
THE XBitHack METHOD
Relax, it is not something the family cat brought up after dinner, it
just sounds that bad. The idea is this.....
Let's say you do not want to rename your pages to x.shtml from x.html
because of blowing links, etc. Apache has a nice soution. If your
server allows you to do it (see above begging information), the
XbitHack can be a time saver. All you have to do is set the user's
execute bit on to have the server parse the page. A what?
In unix, we have what are called file permissions. Normally, a page
you own that is a web page would have permissions such as 644. This
means that you can read and write to the file, and others can only
read it. Nice security feature, huh?
Now, if we set the permission on the file to 744, which is read, write,
and execute for user, and still read only for others, the server will
know to parse the page.
In order to do this, you must add the following line to the .htaccess
file:
XBitHack On
Be Warned! This method does have potential hazards.
The file will be in fact executable. If you accidently run it
from the command line, with all the < and > in it, you can
possibly trash your site and spend the rest of the day bringing up
furballs.
Do not willy nilly set the permissions. If you have a guestbook
script (as an example) that does not filter out SSI directives, your
guestbook becomes a hacker's delight. Only chmod 744 those files you
really want the server to parse.
For extra safety, do not chmod 744 files ending with .shtml,
.txt, .jpg, .gif and so on.
Another option is to turn on the XbitHack as follows:
XBitHack Full
This will instruct the server to send a Last-Modified header. There
are problems with this. If you do not change your main document
often, but do change the text that is copied in, the browser or
proxy server will not know about the changes.
