title: Server Side Includes on RHEL 5 Apache 2.2 link: https://onemoretech.wordpress.com/2010/07/13/server-side-includes-on-rhel-5-apache-22/ author: lembobro description: post_id: 145 created: 2010/07/13 15:40:55 created_gmt: 2010/07/13 15:40:55 comment_status: open post_name: server-side-includes-on-rhel-5-apache-22 status: publish post_type: post

The Apache Group’s own Apache Tutorial: Introduction to Server Side Includes is the best starting point for this. There’s a brief mention in the RHEL 4 Reference Guide, but it’s barely worth skimming, except for its pointing out that the “Options +Includes” or “Options +IncludesNoExec” directive needs to be enclosed in a container (or an .htaccess file) to be effective. That last is something assumed by the Apache doc (we all know that Options directives have to be within a container, don’t we?), but not spelled out.

Here are the essentials that must be in httpd.conf (for the purpose of this example, we’ll assume you want to enable SSI from the DocumentRoot for a particular virtual host down):

<Directory / >
    Options +IncludesNoExec
    AddType text/html .shtml
    AddOutputFilter Includes .shtml 
</Directory>

Note that IncludesNoExec is used in the example, as the preferred option from a security standpoint. While Includes allows execution of CGI scripts, IncludesNoExec does not, and as a result exposes one less vector for attack. See Security Tips - Apache HTTP Server: Server Side Includes for more on the security considerations involved.

Thanks to Patrik Stjernquist of the Unix support team for working through this with me in the real world.

Copyright 2004-2019 Phil Lembo