14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<?xml version='1.0' encoding='UTF-8' ?>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<!DOCTYPE manualpage SYSTEM "/style/manualpage.dtd">

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<manualpage>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<relativepath href=".."/>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<title>Apache Tutorial: Introduction to Server Side Includes</title>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<summary>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<p>Server-side includes provide a means to add dynamic content to

14d5b1a7866541c4eb974f2d213d2aea59743c95wroweexisting HTML documents.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</summary>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<section id="related"><title>Introduction</title>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <related>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <modulelist>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <module>mod_include</module>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <module>mod_cgi</module>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <module>mod_expires</module>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe </modulelist>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directivelist>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directive module="core">Options</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directive module="mod_include">XBitHack</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directive module="mod_mime">AddType</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directive module="core">SetOutputFilter</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <directive module="mod_setenvif">BrowserMatchNoCase</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe </directivelist>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</related>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>This article deals with Server Side Includes, usually called

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe simply SSI. In this article, I'll talk about configuring your

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe server to permit SSI, and introduce some basic SSI techniques

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe for adding dynamic content to your existing HTML pages.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>In the latter part of the article, we'll talk about some of

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe the somewhat more advanced things that can be done with SSI,

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe such as conditional statements in your SSI directives.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</section>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<section id="what"><title>What are SSI?</title>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>SSI (Server Side Includes) are directives that are placed in

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe HTML pages, and evaluated on the server while the pages are

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe being served. They let you add dynamically generated content to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe an existing HTML page, without having to serve the entire page

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe via a CGI program, or other dynamic technology.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>The decision of when to use SSI, and when to have your page

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe entirely generated by some program, is usually a matter of how

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe much of the page is static, and how much needs to be

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe recalculated every time the page is served. SSI is a great way

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe to add small pieces of information, such as the current time.

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe But if a majority of your page is being generated at the time

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe that it is served, you need to look for some other

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe solution.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</section>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<section id="configuring">

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<title>Configuring your server to permit SSI</title>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>To permit SSI on your server, you must have the following

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe directive either in your <code>httpd.conf</code> file, or in a

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <code>.htaccess</code> file:</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe Options +Includes

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>This tells Apache that you want to permit files to be parsed

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe for SSI directives. Note that most configurations contain

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe multiple <directive module="core">Options</directive> directives

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe that can override each other. You will probably need to apply the

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <code>Options</code> to the specific directory where you want SSI

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe enabled in order to assure that it gets evaluated last.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>Not just any file is parsed for SSI directives. You have to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe tell Apache which files should be parsed. There are two ways to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe do this. You can tell Apache to parse any file with a

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe particular file extension, such as <code>.shtml</code>, with

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe the following directives:</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe AddType text/html .shtml<br />

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe AddOutputFilter INCLUDES .shtml

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>One disadvantage to this approach is that if you wanted to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe add SSI directives to an existing page, you would have to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe change the name of that page, and all links to that page, in

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe order to give it a <code>.shtml</code> extension, so that those

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe directives would be executed.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>The other method is to use the <directive

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe module="mod_includes">XBitHack</directive> directive:</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe XBitHack on

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p><directive module="mod_includes">XBitHack</directive>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe tells Apache to parse files for SSI

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe directives if they have the execute bit set. So, to add SSI

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe directives to an existing page, rather than having to change

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe the file name, you would just need to make the file executable

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe using <code>chmod</code>.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe<example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe chmod +x pagename.html

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe</example>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>A brief comment about what not to do. You'll occasionally

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe see people recommending that you just tell Apache to parse all

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <code>.html</code> files for SSI, so that you don't have to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe mess with <code>.shtml</code> file names. These folks have

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe perhaps not heard about <directive

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe module="mod_includes">XBitHack</directive>. The thing to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe keep in mind is that, by doing this, you're requiring that

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe Apache read through every single file that it sends out to

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe clients, even if they don't contain any SSI directives. This

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe can slow things down quite a bit, and is not a good idea.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>Of course, on Windows, there is no such thing as an execute

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe bit to set, so that limits your options a little.</p>

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe <p>In its default configuration, Apache does not send the last

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe modified date or content length HTTP headers on SSI pages,

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe because these values are difficult to calculate for dynamic

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe content. This can prevent your document from being cached, and

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe result in slower perceived client performance. There are two

14d5b1a7866541c4eb974f2d213d2aea59743c95wrowe ways to solve this:</p>

<ol>

<li>Use the <code>XBitHack Full</code> configuration. This

tells Apache to determine the last modified date by looking

only at the date of the originally requested file, ignoring

the modification date of any included files.</li>

<li>Use the directives provided by

<module>mod_expires</module> to set an explicit expiration

time on your files, thereby letting browsers and proxies

know that it is acceptable to cache them.</li>

</ol>

</section>

<section id="basic"><title>Basic SSI directives</title>

<p>SSI directives have the following syntax:</p>

<example>

&lt;!--#element attribute=value attribute=value ... --&gt;

</example>

<p>It is formatted like an HTML comment, so if you don't have

SSI correctly enabled, the browser will ignore it, but it will

still be visible in the HTML source. If you have SSI correctly

configured, the directive will be replaced with its

results.</p>

<p>The element can be one of a number of things, and we'll talk

some more about most of these in the next installment of this

series. For now, here are some examples of what you can do with

SSI</p>

<section id="todaysdate"><title>Today's date</title>

<example>

&lt;!--#echo var="DATE_LOCAL" --&gt;

</example>

<p>The <code>echo</code> element just spits out the value of a

variable. There are a number of standard variables, which

include the whole set of environment variables that are

available to CGI programs. Also, you can define your own

variables with the <code>set</code> element.</p>

<p>If you don't like the format in which the date gets printed,

you can use the <code>config</code> element, with a

<code>timefmt</code> attribute, to modify that formatting.</p>

<example>

&lt;!--#config timefmt="%A %B %d, %Y" --&gt;<br />

Today is &lt;!--#echo var="DATE_LOCAL" --&gt;

</example>

</section>

<section id="lastmodified"><title>Modification date of the file</title>

<example>

This document last modified &lt;!--#flastmod file="index.html" --&gt;

</example>

<p>This element is also subject to <code>timefmt</code> format

configurations.</p>

</section>

<section id="cgi"><title>Including the results of a CGI program</title>

<p>This is one of the more common uses of SSI - to output the

results of a CGI program, such as everybody's favorite, a ``hit

counter.''</p>

<example>

&lt;!--#include virtual="/cgi-bin/counter.pl" --&gt;

</example>

</section>

</section>

<section id="additionalexamples">

<title>Additional examples</title>

<p>Following are some specific examples of things you can do in

your HTML documents with SSI.</p>

<section id="docmodified"><title>When was this document

modified?</title>

<p>Earlier, we mentioned that you could use SSI to inform the

user when the document was most recently modified. However, the

actual method for doing that was left somewhat in question. The

following code, placed in your HTML document, will put such a

time stamp on your page. Of course, you will have to have SSI

correctly enabled, as discussed above.</p>

<example>

&lt;!--#config timefmt="%A %B %d, %Y" --&gt;<br />

This file last modified &lt;!--#flastmod file="ssi.shtml" --&gt;

</example>

<p>Of course, you will need to replace the

<code>ssi.shtml</code> with the actual name of the file that

you're referring to. This can be inconvenient if you're just

looking for a generic piece of code that you can paste into any

file, so you probably want to use the

<code>LAST_MODIFIED</code> variable instead:</p>

<example>

&lt;!--#config timefmt="%D" --&gt;<br />

This file last modified &lt;!--#echo var="LAST_MODIFIED" --&gt;

</example>

<p>For more details on the <code>timefmt</code> format, go to

your favorite search site and look for <code>strftime</code>. The

syntax is the same.</p>

</section>

<section id="footer">

<title>Including a standard footer</title>

<p>If you are managing any site that is more than a few pages,

you may find that making changes to all those pages can be a

real pain, particularly if you are trying to maintain some kind

of standard look across all those pages.</p>

<p>Using an include file for a header and/or a footer can

reduce the burden of these updates. You just have to make one

footer file, and then include it into each page with the

<code>include</code> SSI command. The <code>include</code>

element can determine what file to include with either the

<code>file</code> attribute, or the <code>virtual</code>

attribute. The <code>file</code> attribute is a file path,

<em>relative to the current directory</em>. That means that it

cannot be an absolute file path (starting with /), nor can it

contain ../ as part of that path. The <code>virtual</code>

attribute is probably more useful, and should specify a URL

relative to the document being served. It can start with a /,

but must be on the same server as the file being served.</p>

<example>

&lt;!--#include virtual="/footer.html" --&gt;

</example>

<p>I'll frequently combine the last two things, putting a

<code>LAST_MODIFIED</code> directive inside a footer file to be

included. SSI directives can be contained in the included file,

and includes can be nested - that is, the included file can

include another file, and so on.</p>

</section>

</section>

<section id="config">

<title>What else can I config?</title>

<p>In addition to being able to <code>config</code> the time

format, you can also <code>config</code> two other things.</p>

<p>Usually, when something goes wrong with your SSI directive,

you get the message</p>

<example>

[an error occurred while processing this directive]

</example>

<p>If you want to change that message to something else, you

can do so with the <code>errmsg</code> attribute to the

<code>config</code> element:</p>

<example>

&lt;!--#config errmsg="[It appears that you don't know how to use SSI]" --&gt;

</example>

<p>Hopefully, end users will never see this message, because

you will have resolved all the problems with your SSI

directives before your site goes live. (Right?)</p>

<p>And you can <code>config</code> the format in which file

sizes are returned with the <code>sizefmt</code> attribute. You

can specify <code>bytes</code> for a full count in bytes, or

<code>abbrev</code> for an abbreviated number in Kb or Mb, as

appropriate.</p>

</section>

<section id="exec">

<title>Executing commands</title>

<p>I expect that I'll have an article some time in the coming

months about using SSI with small CGI programs. For now, here's

something else that you can do with the <code>exec</code>

element. You can actually have SSI execute a command using the

shell (<code>/bin/sh</code>, to be precise - or the DOS shell,

if you're on Win32). The following, for example, will give you

a directory listing.</p>

<example>

&lt;pre&gt;<br />

&lt;!--#exec cmd="ls" --&gt;<br />

&lt;/pre&gt;

</example>

<p>or, on Windows</p>

<example>

&lt;pre&gt;<br />

&lt;!--#exec cmd="dir" --&gt;<br />

&lt;/pre&gt;

</example>

<p>You might notice some strange formatting with this directive

on Windows, because the output from <code>dir</code> contains

the string ``&lt;<code>dir</code>&gt;'' in it, which confuses

browsers.</p>

<p>Note that this feature is exceedingly dangerous, as it will

execute whatever code happens to be embedded in the

<code>exec</code> tag. If you have any situation where users

can edit content on your web pages, such as with a

``guestbook'', for example, make sure that you have this

feature disabled. You can allow SSI, but not the

<code>exec</code> feature, with the <code>IncludesNOEXEC</code>

argument to the <code>Options</code> directive.</p>

</section>

<section id="advanced">

<title>Advanced SSI techniques</title>

<p>In addition to spitting out content, Apache SSI gives you

the option of setting variables, and using those variables in

comparisons and conditionals.</p>

<section id="caveat"><title>Caveat</title>

<p>Most of the features discussed in this article are only

available to you if you are running Apache 1.2 or later. Of

course, if you are not running Apache 1.2 or later, you need to

upgrade immediately, if not sooner. Go on. Do it now. We'll

wait.</p>

</section>

<section id="variables"><title>Setting variables</title>

<p>Using the <code>set</code> directive, you can set variables

for later use. We'll need this later in the discussion, so

we'll talk about it here. The syntax of this is as follows:</p>

<example>

&lt;!--#set var="name" value="Rich" --&gt;

</example>

<p>In addition to merely setting values literally like that,

you can use any other variable, including, for example,

environment variables, or some of the variables we discussed in

the last article (like <code>LAST_MODIFIED</code>, for example)

to give values to your variables. You will specify that

something is a variable, rather than a literal string, by using

the dollar sign ($) before the name of the variable.</p>

<example>

&lt;!--#set var="modified" value="$LAST_MODIFIED" --&gt;

</example>

<p>To put a literal dollar sign into the value of your

variable, you need to escape the dollar sign with a

backslash.</p>

<example>

&lt;!--#set var="cost" value="\$100" --&gt;

</example>

<p>Finally, if you want to put a variable in the midst of a

longer string, and there's a chance that the name of the

variable will run up against some other characters, and thus be

confused with those characters, you can place the name of the

variable in braces, to remove this confusion. (It's hard to

come up with a really good example of this, but hopefully

you'll get the point.)</p>

<example>

&lt;!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" --&gt;

</example>

</section>

<section id="conditional">

<title>Conditional expressions</title>

<p>Now that we have variables, and are able to set and compare

their values, we can use them to express conditionals. This

lets SSI be a tiny programming language of sorts.

<module>mod_include</module> provides an <code>if</code>,

<code>elif</code>, <code>else</code>, <code>endif</code>

structure for building conditional statements. This allows you

to effectively generate multiple logical pages out of one

actual page.</p>

<p>The structure of this conditional construct is:</p>

<example>

&lt;!--#if expr="test_condition" --&gt;<br />

&lt;!--#elif expr="test_condition" --&gt;<br />

&lt;!--#else --&gt;<br />

&lt;!--#endif --&gt;

</example>

<p>A <em>test_condition</em> can be any sort of logical

comparison - either comparing values to one another, or testing

the ``truth'' of a particular value. (A given string is true if

it is nonempty.) For a full list of the comparison operators

available to you, see the <module>mod_include</module>

documentation. Here are some examples of how one might use this

construct.</p>

<p>In your configuration file, you could put the following

line:</p>

<example>

BrowserMatchNoCase macintosh Mac<br />

BrowserMatchNoCase MSIE InternetExplorer

</example>

<p>This will set environment variables ``Mac'' and

``InternetExplorer'' to true, if the client is running Internet

Explorer on a Macintosh.</p>

<p>Then, in your SSI-enabled document, you might do the

following:</p>

<example>

&lt;!--#if expr="${Mac} &amp;&amp; ${InternetExplorer}" --&gt;<br />

Apologetic text goes here<br />

&lt;!--#else --&gt;<br />

Cool JavaScript code goes here<br />

&lt;!--#endif --&gt;

</example>

<p>Not that I have anything against IE on Macs - I just

struggled for a few hours last week trying to get some

JavaScript working on IE on a Mac, when it was working

everywhere else. The above was the interim workaround.</p>

<p>Any other variable (either ones that you define, or normal

environment variables) can be used in conditional statements.

With Apache's ability to set environment variables with the

<code>SetEnvIf</code> directives, and other related directives,

this functionality can let you do some pretty involved dynamic

stuff without ever resorting to CGI.</p>

</section>

</section>

<section id="conclusion"><title>Conclusion</title>

<p>SSI is certainly not a replacement for CGI, or other

technologies used for generating dynamic web pages. But it is a

great way to add small amounts of dynamic content to pages,

without doing a lot of extra work.</p>

</section>

</manualpage>