Manualshelf

iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
171172173174175176177178179180
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrators Guide522659-001
7-49
Setting Up a Server-Side Include (SSI)
be a security risk since clients would be executing commands on the server’s host
system. If you disable the exec option (described in Specifying SSI Use), this danger is
mitigated; however, the performance issue remains.
Specifying SSI Use
Specifying SSI use with the iTP Secure WebServer involves enabling SSIs in specific
regions, partially enabling SSIs in specific regions, or disabling SSIs (the default).
Compaq recommends that you disable SSI usage in users’ home directories and in
directories in which users can insert files without permission.
SSI usage is disabled by default. To enable SSI in a particular region (including exec),
use the
EnableIncludes command. For example:
Region /* {
EnableIncludes -restricted
}
To enable SSI in a region while disabling exec usage, you simply specify the
EnableIncludes command using no arguments. For example:
Region /*{
EnableIncludes
}
You can control the amount of SSI document nesting by specifying the -nesting
argument in the EnableIncludes command. The default nesting level is 3. For
example, the following command limits the amount of document nesting to one level:
Region /include/* {
EnableIncludes -nesting 1
}
Therefore, if a set of documents is nested as follows:
Doc1.shtml: <!--#include virtual="/include/Doc2.shtml"-->
Doc2.shtml: <!--#include virtual="/include/Doc3.shtml"-->
Doc3.shtml: <!--#include virtual="/include/Doc4.shtml"-->
document inclusion stops after Doc2.shtml is included into Doc1.shtml, and an
error will be logged to the server’s log files.
For more information about the EnableIncludes command, see Region Commands
on
page A-41.
Note. The iTP Secure WebServer does not support the <servlet> tag in .shtml-file server-side
includes, which is part of Sun Microsystems, Inc. implementation of the Servlet API 2.0. Other
implementations that are not supported are documented in Servlet Programming
Considerations on page 9-28.