l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2002 Feb 04 16:41

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] help -- server side include isn't working
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] help -- server side include isn't working



On Sun, 3 Feb 2002, Peter Jay Salzman wrote:
> for some reason, SSI isn't working and i have no idea why.  the page
> that i'm trying to make work is:
> 
> 	http://www.dirac.org/pcgm/bulletinboard.shtml
> 
> in /etc/apapche/srm.conf, i have the lines:
> 
> 	AddType text/html .shtml
> 	AddHandler server-parsed .shtml
> 
> i didn't put this in the file myself -- the config file came from debian
> with these lines commented out, and i uncommented them.
> 
> of course i restarted apache, many times.  i even ran strace to make
> sure it was reading this file (overkill, but i'm at a total loss here).
> 
> the server just seems to be totally ignoring the SSI stuff, and i'm not
> seeing anything in the apache logs that's helpful.
> 
> anyone have suggestions on why SSI may not be working?

You prob need to modify the <directory> </directory> section for the
relative location used in the server to add an OPTIONS entry to allow SSI
to take place.

If you choose not to do this, you can take the less secure route, and not
modify the Options entry but instead add "AllowOverride All" and then
create .htaccess files in directories that specify what options to have.

In particular, you prob want ( 
 IncludesNoExec
or
 Includes

added to your options entry
(example:)
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

These you will want to avoid if others may write data to the directory
(security reasons):
ExecCGI : Allows user to create programs  (cgi) that run on the server
  with perhaps their UID, the default apache uid, or nobody. When the
  users are not permitted shell access, this effectively may allow them to
  have *some* shell access - though a bit clunky.
FollowSymLinks : If they can manage creation of a symlink to /etc/passwd
  (they being ?) then your /etc/passwd file may be web page publishable
Includes : this allows for the #exec in arbitrary execution of commands on
  the server which can also be a clunky shell.


When you look to add these, make sure to add them where your <directory>
references the actual directory you are coding. If there is only one
<directory> entry, then that would be the place to do it.

The apachedocs manual explains the options and directory system quite
well.

For example, in the FAQ that ships with apache there is a section on SSI:

"F. Dynamic Content (CGI and SSI)"

 "1. How do I enable CGI execution in directories other than the
ScriptAlias?"

 "7. How do I enable SSI (parsed HTML)? "

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.