Chapter 13. Server Side Includes
Server Side Includes (SSI) are directives you can place into an HTML document to execute other programs or to output data, such as file statistics or the contents of environment variables. SSI directives can save you the trouble of writing complete CGI programs to output documents containing a small amount of dynamic information. While Server Side Includes aren't technically CGI, they can be an important tool for incorporating CGI-like information as well as output from CGI programs.
In addition to output of specific directives, SSI can use conditional expressions to evaluate portions of documents. This extended SSI functionality is available in Apache 1.2 and later.
When a client requests a document from an SSI-enabled server and the document is coded appropriately, the server parses the specified document looking for SSI directives. We've already considered the advantages to this system; there are also a couple of liabilities. First, parsing documents before sending them to the client represents additional server overhead. Second, enabling SSI can create a security risk. For example, an unwise user might embed directives to execute system commands that output confidential information. In short, SSI can be very handy, but it must be used cautiously and efficiently.
This chapter summarizes the Server Side Includes directives and the extended expression syntax. There aren't many directives, but they perform some useful CGI-like operations and can spare you quite a bit of coding.
13.1. Configuring the Apache Server for SSI
In the appropriate <Directory> sections of the server configuration file httpd.conf (or .htaccess files), include the following directive:
In the main configuration file, you must specify the parsed file type (.shtml) and associate it with the INCLUDES filter, which implements the SSI module mod_include. For example, the following two lines specify that the server should handle documents with the .shtml suffix as HTML documents, and parse them for SSI:
AddType text/html .shtml AddOutputFilter INCLUDES .shtml
Prior to Apache 2.0, the server-parsed handler implemented the SSI module with:
AddHandler server-parsed .shtml
If you specify the suffix .html here, the server would parse all HTML documents. This would make it easier to modify files without having to worry about changing link and other issues, but it would cause a noticeable performance hit to the server. An alternate method to using the .shtml file extension is to use the XBitHack directive:
This tells Apache to parse for SSI any file that has the executable permission set. You can do this for a file with the following command:
chmod +x filename.html
See Chapter 19 for more on configuring the Apache server.
Copyright © 2003 O'Reilly & Associates. All rights reserved.