Free Web Hosting by Netfirms
 Web Hosting by Netfirms | Free Domain Names by Netfirms

SSI

Basic SSI directives

 

Hint 2

 

Hide links from external users

SSI directives have the following syntax:

        <!--#element attribute=value attribute=value ... -->

It is formatted like an HTML comment, so if you don't have SSI correctly enabled, the browser will ignore it, but it will still be visible in the HTML source. If you have SSI correctly configured, the directive will be replaced with its results.

The element can be one of a number of things, and we'll talk some more about most of these in the next installment of this series. For now, here are some examples of what you can do with SSI

Today's date

        <!--#echo var="DATE_LOCAL" -->

The echo element just spits out the value of a variable. There are a number of standard variables, which include the whole set of environment variables that are available to CGI programs. Also, you can define your own variables with the set element.

If you don't like the format in which the date gets printed, you can use the config element, with a timefmt attribute, to modify that formatting.

        <!--#config timefmt="%A %B %d, %Y" -->

        Today is <!--#echo var="DATE_LOCAL" -->

Modification date of the file

        This document last modified <!--#flastmod file="index.html" -->

This element is also subject to timefmt format configurations.

Including the results of a CGI program

This is one of the more common uses of SSI - to output the results of a CGI program, such as everybody's favorite, a ``hit counter.''

        <!--#include virtual="/cgi-bin/counter.pl" -->

 

Use the if command and the REMOTE_ADDR CGI variable to see if the user is in the local domain:

      <!--#if expr="$REMOTE_ADDR = /^1.2.3./" -->

        <a href="internal-documents.html ">Internal Documents</a>

      <!--#endif -->

    (Where 1.2.3 is the IP address prefix of the local domain).

Configure for server-side includes
If you want to take a small step beyond static HTML pages, but you aren't quite ready to dive into writing your own Perl scripts, then you should try server-side includes (SSI). With SSI turned on, Apache will preparse certain HTML files before sending them out, looking for special embedded commands. These commands allow you to do basic things like include the contents from another file or print out an environment variable.

To enable it, you first need to make sure it has been compiled into your version of Apache. Go to the directory where your httpd executable resides, typically /usr/local/apache/sbin, and type ./httpd -l. That should return a list of all the modules included in your build of Apache. Hopefully mod_include.c is in that list. If not, you'll have to rerun the build of Apache, editing the comment code from the mod_include in the Configuration.tmpl file.

Once you've determined that mod_include is available, you have to allow the execution of includes and map an appropriate filetype. As with all things Apache, there are about a gazillion ways to do this. Probably the easiest is to enable all the options in one place in your access.conf file:


<Directory /usr/local/apache/share/htdocs/include>
Options +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml
</Directory>
 

All files in the /usr/local/apache/share/htdocs/include directory that contain a .shtml extension get parsed by Apache before being sent out to a browser.

In many instances, the AddType and AddHandler directives are already in your srm.conf file, but they're commented out. So you could uncomment those, and in your access.conf file set the Options to allow executing include commands. Note the use of the plus sign in the Options directive--that tells Apache to add this option to any preceding options settings, rather than overriding them. If you want to limit the SSI support to prevent executing potentially dangerous programs, you might want to use Options +IncludesNOEXEC.

To test your settings, create a test.shtml file like this one:


<HEAD><TITLE>SSI Test</TITLE></HEAD>
<BODY bgcolor="white">
<H1>SSI Test</H1>
File last modified <!--#flastmod file="test.shtml" -->
<P><PRE>
<!--#printenv -->
</PRE>
<P><!--#exec cmd="/bin/date" -->
</BODY>
</HTML>
 

Apache will attempt to parse any text that starts with a <!--#. The example uses three SSI commands--flastmod, printenv, and exec (the complete list of SSI commands is on the Apache Quick Reference Card). The flastmod prints the last-modified date for the specified file, printenv spits back a list of environment variables and their values, and exec runs the specified shell command. Note that if you've configured Options +IncludesNOEXEC , then the exec command returns an error message instead of the current date and time.