Webserver use, configuration and managementUnit WUCM1 |
(For more reference material see Laurie (2003), Chapter 14 & 16 or Arnold (2000), Chapter 4)
Server Side Includes (SSI or the newer extended SSI, xSSI) was the original,
very simple, way of generating pages ‘on the fly’. In Apache, the functionality of SSI
is provided by the module mod_include
(part of the default set, as discussed in an earlier practical). It does
offer a handler, server-parsed
,
and defines a MIME type application/x-server-parsed
that triggers the handler on any file recognised as being of that type.
Server-side includes are generally held to be inefficient, inflexible and (most significantly) insecure. It is therefore little used.
To enable the server side includes, you need to add appropriate
options (Includes
or IncludesNOEXEC
). The Options
directive only works in a
container, so would normally be part of either a <Directory
….>
or a <Location ……>
block. Normally you would only enable SSI on particular directories and/or
with particular file extensions (usually .shtml
). If you enable SSI for the whole site you are slowing down the server process,
and potentially introducing greater scope for hackers – any feature globally
set up is generally not a good idea unless it is needed globally.
Arnold (2000) sets out the three steps that enabling SSI requires:
To make all files on the server that have the .shtml extension server parsed (and assuming +includes option setup) use:
AddHandler server-parsed .shtml
Alternatively, and perhaps better, is to set up the handler with the relevant directory, e.g.
<Directory ”/WebRoot/Roger/htdocs/parsed”>
Options +Includes
SetHandler server-parsed
</Directory>
The IncludesNOEXEC option permits the use of SSI but stops the execution of an included CGI script. The last task is to assign a MIME content type to files of the identified SSI content, e.g.
AddType text/html .shtml
The above would tell Apache to output a Content-Type: text/html header with files having the .shtml file name extension. SSI commands are included in the .shtml files to be served as a specially formatted comment, much like the use of ASP, JScript, etc.
There are a number of methods that can be employed with SSI, but perhaps the most obvious is the use of the include command, e.g.
<!--#include file=”header.inc” -->
All SSI commands are embedded within an HTML comment tags. The ‘#’ is an important prefix to the command, no spaces, the parameter file in the case is assigned a value ”header.inc” , the following space before the close comment tags is also an important syntax element.
Other commands include: set (to give a value to a variable), echo (to output the contents of a variable), config (to define the contents of an SSI configuration variable such as errmsg – an error message), exec (to execute a CGI script) etc, see Arnold (2000) or Wainwright (1999) for more details. The important question is: ‘When is it sensible to use SSI?’ - do jot down your thoughts.
Last updated by Prof Jim Briggs of the School of Computing at the University of Portsmouth |
||