Command Center: HTML Server Side Include

Tuesday, July 19, 2011

HTML Server Side Include

Category: Apache — SkyHi @ Tuesday, July 19, 2011

Solution:

1. Use XbitHack on , but you have to rewrite the /html/cgi-bin/ cgi scripts to javascript because of vulnerability https://www.owasp.org/index.php/Server-Side_Includes_%28SSI%29_Injection

<Directory /var/www/>
##includes addded by d

               #$Options -Indexes FollowSymLinks MultiViews +Includes
                Options -Indexes FollowSymLinks MultiViews +IncludesNOEXEC
                #AllowOverride None
                AllowOverride All
                Order allow,deny
                allow from all
                #AddType text/html .shtml
                #AddOutputFilter INCLUDES .html .shtml
                XbitHack on
        </Directory>

<Directory "/var/www/html/whitt.com/html">
    Options FollowSymLinks +Includes
    AllowOverride All
    AddType text/html .shtml
    DirectoryIndex index.php index.html index.html.var index.shtml
</Directory>

Create a SSI test file and save it under /var/www/ssi-test.shtml.

Test it works
<html>
<head>
<title>SSI Test Page
</head>
<body>
<!--#echo var="DATE_LOCAL" -->
</body>
</html>

2. use mod_rewrite, http://corz.org/serv/tricks/htaccess2.php to rewrite php to html, this could have you penalized by the search engines.

3. use javascript http://www.boutell.com/newfaq/creating/include.html

REFERENCES

//IncludesNOEXEC

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-apache-config-ui.html

//How to use SSI

http://techtricks.co.in/linux/fedora/enabling-server-side-includesssi-on-fedora-core-default

https://help.ubuntu.com/community/ServerSideIncludes

Command Center

Tuesday, July 19, 2011

HTML Server Side Include

Labels

Blog Archive

My Blog List