Re: SSI's

Thanks Jim and everyone else who replied - I am currently in conversation
with my ISP to resolve the problem.
They did at least turn it back on temporarily so the SSI's now works OK, and
they will give me notice before they turn it off.
They've stopped talking about security, their concern now seems to be server
slow down.
If I can convince them to use the  .htaccess file we can maybe work this
thing out. Otherwise I'll have to do a search and replace for the pages, and
redirection for the visitors.

thanks
howard

howardm(at)achilles.net
www.achilles.net/~howardm/tsmonk.html
www.achilles.net/~howardm/stantracey/



----- Original Message -----
From: Jim Tom Polk <jtpolk(at)texas.net>
To: <hwg-basics(at)mail.hwg.org>
Sent: Monday, November 20, 2000 1:44 PM
Subject: Re: SSI's


> > Now they have just informed me (after they made the changes!) that all
my
> > files will have to be changed to .shtml files for 'security' reasons. I
> > guess I'll have to change every file - that's several hundred files,
plus
> > all the internal links. This will mess up all my visitors too who use
links
> > or favourite lists, or search engines to find me - am I correct in this?
> > I believe that security can be a problem for ISP's, but why would
changing
> > the file extensions make anything more secure?
>
> They do NOT know what they are talking about.
>
> The reason of ''security concerns'' is totally and absolutely bogus. If
> a file can do bad things as an HTML file extension that will process
> SSI's, it will do EXACTLY the same sort of bad things if only SHTML file
> extensions can process SSI's. The file extensions mean absolutely
> NOTHING vis a vis security.
>
> Ok, that being said, that really doesn't help since they are clueless
> and probably have gotten their puny little brains going down one path
> and probably won't change them.
>
> If you have an IIS or other server type than Apache do a >/dev/null for
> this message.
>
> If they are using a server like Apache, they can still have everyone
> have HTML files non-parsed, but for your site, in your direcotory, have
> those files parsed.
>
> For instance, on our servers, we have it set up so that HTML files ARE
> NOT parsed for SSI. However, we allow individual users and virtual hosts
> to put a file in their directory called .htaccess which will allow them
> to parse HTML files for SSI. The line we tell them to add is this:
>
> Options Includes
> AddType text/x-server-parsed-html .html .htm
>
> That's it.
>
> Also, by default, users cannot call CGI programs into their web pages.
> However, we do allow them to override the server defaults by adding the
> following line in the .htaccess file for their site or a directory:
>
> Options Includes ExecCGI
>
> The default we have in the Apache httpd.conf file has only Includes
> available, but not the exec or include function for CGI via putting
> IncludesNOEXEC in httpd.conf and of course allowing overrides.
>
> In the last instance, you can delve into the inner workings of
> mod_rewrite and simply use a regex to transparently send every request
> for file.shtml to file.html. Good luck with that one (grin). You can do
> this in the .htaccess file (if the server allows it, which given the
> total cluelessness of the person you spoke to I would not be upon).
> --
>
>
> Jim Tom Polk -:- jtpolk(at)texas.net -:- http://camalott.com/~jtpolk/
> ''You might as well fall flat on your face as
>   lean over too far backwards.''      --James Thurber--
>    "The Universe is run by the complex interweaving of three
>           elements: energy, matter and enlightened self-interest."
>   - G'Kar  "Survivors"
>

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA