Using Server-Side Include Directives

You use server-side include (SSI) directives to instruct the Web server to add text, graphic, or application information to an HTML page just before sending the page to a user. SSI provides special preprocessing directives that enable you to get information about a file or display the value of a variable. SSI also provides a directive that you can use to insert the output from an application or a shell command into an HTML page.

Because a file containing SSI directives requires special processing, you must give any SSI files an SSI file name extension. The default extensions are .stm, .shtm, and .shtml.

Including Files

To include a file, use the #include directive. For example, to insert a file named Copyright.inc into an HTML page when it is requested, use the following directive in the HTML page:

<!-- #include file="copyright.inc" -->

In this example, the file Copyright.inc must be in the same directory as the including file. The HTML file that contains the #include directive must be a published file in your Web site.

To locate the included file by specifying a path relative to the current directory, use the file argument. For example, if the including file is in a directory named Documents, and the included file is in a subdirectory named Documents\Common, use the following directive:

<!-- #include file="common/copyright.inc" -->

When you are working with documents in a Web site, you might want to store shared files in a special virtual directory. To locate the included file by specifying the full virtual path to the file, use the virtual argument. For example, to include a file from the /Common virtual directory, use the following directive:

<!-- #include virtual="/common/copyright.inc" -->

Including Output from Applications

In addition to simply including the contents of a file, you can run an application or a shell command by using an SSI directive and include the output in your HTML page. To run an application or a shell command, use the #exec directive. The application can be a CGI program, an ASP application, or an ISAPI application. For example:

<!-- #exec cgi=/scripts/guestbook.exe?FirstName+LastName>

The path to the application must be a full virtual path. You can pass parameters to the application by following the application's file name with a question mark (?) and a list of parameters joined by plus signs (+).

Allowing HTML files to run applications presents a security risk.