Manualshelf

iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
181182183184185186187188189190
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide523346-002
7-50
Setting Up a Server-Side Include (SSI)
on the server’s host system. If you disable the exec option (described in Specifying SSI
Use), this danger is mitigated; however, the performance issue remains.
Specifying SSI Use
Specifying SSI use with the iTP Secure WebServer involves enabling SSIs in specific
regions, partially enabling SSIs in specific regions, or disabling SSIs (the default).
HP recommends that you disable SSI usage in users’ home directories and in
directories in which users can insert files without permission.
SSI usage is disabled by default. To enable SSI in a particular region (including exec),
use the EnableIncludes command. For example:
Region /* {
EnableIncludes -restricted
}
To enable SSI in a region while disabling exec usage, you simply specify the
EnableIncludes command using no arguments. For example:
Region /*{
EnableIncludes
}
You can control the amount of SSI document nesting by specifying the -nesting
argument in the EnableIncludes command. The default nesting level is 3. For
example, the following command limits the amount of document nesting to one level:
Region /include/* {
EnableIncludes -nesting 1
}
Therefore, if a set of documents is nested as follows:
Doc1.shtml: <!--#include virtual="/include/Doc2.shtml"-->
Doc2.shtml: <!--#include virtual="/include/Doc3.shtml"-->
Doc3.shtml: <!--#include virtual="/include/Doc4.shtml"-->
document inclusion stops after Doc2.shtml is included into Doc1.shtml, and an
error will be logged to the server’s log files.
For more information about the EnableIncludes command, see Region Commands
on page A-41.
After specifying SSI usage for specific regions, you need to tell the server the
extension of the files you want to be parsed for SSIs. Internally, the server uses the
MIME type text/x-server-parsed-html to identify files to be parsed. To tell the
Note. The iTP Secure WebServer does not support the <servlet> tag in .shtml-file server-side
includes, which is part of Sun Microsystems, Inc. implementation of the Servlet API 2.0. Other
implementations that are not supported are documented in Servlet Programming
Considerations on page 9-30.