Classnotes | UNIX03 | RecentChanges | Preferences Apache provides an excellent feature called Server Side Includes (SSI). SSI allows web-sites to dynamically include content from other web-pages, server side scripts, even underlying system features. Unfortunately, when not treated with care, SSI can be little more than a catastrophy waiting to happen.
SSI is enabled using the Options directive (see also http://httpd.apache.org/docs/mod/core.html#options). In order to allow SSI's of a non-specific nature, you would add the following to your httpd.conf file:
Options Includes
If you wanted to restrict these includes to non-executable files only (i.e., only other html or shtml files) then you would use:
Whenever you set up the hierarchy for your web-site, pay special attention to the needs of every directory on your server. You will have to determine on a case-by-case basis where to allow includes to take place. Often, system administrators will adhere to the following rule of thumb
Allow all SSIs
Web-root (/)
Any truely necessary SSI location (such as mailing lists, online shopping carts, etc.)
Allow only non-executable SSIs
Departmental or office homepages (business office, human resources, etc.)
Any pages that will consist of largely static documents
