[vox-tech] help -- server side include isn't working

ME vox-tech@lists.lugod.org
Sun, 3 Feb 2002 11:22:48 -0800 (PST) 

On Sun, 3 Feb 2002, Peter Jay Salzman wrote:
> for some reason, SSI isn't working and i have no idea why.  the page
> that i'm trying to make work is:
> 
> 	http://www.dirac.org/pcgm/bulletinboard.shtml
> 
> in /etc/apapche/srm.conf, i have the lines:
> 
> 	AddType text/html .shtml
> 	AddHandler server-parsed .shtml
> 
> i didn't put this in the file myself -- the config file came from debian
> with these lines commented out, and i uncommented them.
> 
> of course i restarted apache, many times.  i even ran strace to make
> sure it was reading this file (overkill, but i'm at a total loss here).
> 
> the server just seems to be totally ignoring the SSI stuff, and i'm not
> seeing anything in the apache logs that's helpful.
> 
> anyone have suggestions on why SSI may not be working?

You prob need to modify the <directory> </directory> section for the
relative location used in the server to add an OPTIONS entry to allow SSI
to take place.

If you choose not to do this, you can take the less secure route, and not
modify the Options entry but instead add "AllowOverride All" and then
create .htaccess files in directories that specify what options to have.

In particular, you prob want ( 
 IncludesNoExec
or
 Includes

added to your options entry
(example:)
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

These you will want to avoid if others may write data to the directory
(security reasons):
ExecCGI : Allows user to create programs  (cgi) that run on the server
  with perhaps their UID, the default apache uid, or nobody. When the
  users are not permitted shell access, this effectively may allow them to
  have *some* shell access - though a bit clunky.
FollowSymLinks : If they can manage creation of a symlink to /etc/passwd
  (they being ?) then your /etc/passwd file may be web page publishable
Includes : this allows for the #exec in arbitrary execution of commands on
  the server which can also be a clunky shell.


When you look to add these, make sure to add them where your <directory>
references the actual directory you are coding. If there is only one
<directory> entry, then that would be the place to do it.

The apachedocs manual explains the options and directory system quite
well.

For example, in the FAQ that ships with apache there is a section on SSI:

"F. Dynamic Content (CGI and SSI)"

 "1. How do I enable CGI execution in directories other than the
ScriptAlias?"

 "7. How do I enable SSI (parsed HTML)? "

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library