Is there a way to enable SSI on a server (running apache), but only allow the include element (<!--#include -->) and not any other?
Asked
Active
Viewed 140 times
2
1 Answers
2
There isn't quite that level of granularity. The best you can do is use
Options IncludesNOEXEC
which will disable the #exec cgi and #exec cmd versions. You'll still get all the rest.
I'll add that SSI processing is kind of expensive, as it requires the webserver to actually parse the shtml files, regardless of if SSI is used in them. The "xbit hack" can help with this, but if you're really just looking to be able to include content, it might be better to use a CRM system. Some players in that field are Drupal, Joomla!, and (my favorite) Textpattern. There are a lot of them. There's also a fair number of good ways to do this with PHP, and only where it's needed. You might want to look at that if you only need this functionality on a limited number of pages.
malcolmpdx
- 2,250
- 1
- 15
- 12