server side includes on .htm risks?

on 11.01.2008 18:25:00 by jason

I have a user who is asking to enable server side include processing on
.htm and .html files.
IIS6 says it is secure by default, so it makes me leery of changing from the
default, plus it is just more admin work to maintain across servers.

What are the risks, security and others, that can result from adding SSI
processing on .htm and .html files?

And what verbs should be allowed?

Thanks

Re: server side includes on .htm risks?

on 11.01.2008 19:42:31 by Kristofer Gafvert

Hi,

I think this article covers some of your questions:

"Using server side include directives in .html pages, and its caveats"
http://www.gafvert.info/iis/article/process_html_as_shtml.htm

Basically, it does not matter if the extension is .htm or .shtm if you know
all files with that extension will need to go through the server side
processing. But if most .htm files are static files, there are some
advantages to having them handled as static pages.

Only add the verbs you need, obviously.

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"Jason" wrote in message
news:5DF46810-6AEA-4EF9-AB18-DDA993114FF8@microsoft.com...
> I have a user who is asking to enable server side include processing on
> .htm and .html files.
> IIS6 says it is secure by default, so it makes me leery of changing from the
> default, plus it is just more admin work to maintain across servers.
>
> What are the risks, security and others, that can result from adding SSI
> processing on .htm and .html files?
>
> And what verbs should be allowed?
>
> Thanks
>

Re: server side includes on .htm risks?

on 14.01.2008 10:47:54 by wjzhang

Hi Jason,

Kristofer's blog gives a perfect answer to the question. My only supplement
is that it does bring risk if both SSI and Parent Paths are enabled
on the web server. Please refer to:

332117 Enable Parent Paths Is Disabled by Default in IIS 6.0
http://support.microsoft.com/default.aspx?scid=kb;EN-US;332117

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

This posting is provided "AS IS" with no warranties, and confers no rights.
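
An added example, not code from any poster in this thread: a Python script that audits a content tree before the .htm/.html mapping is changed. It reports how many files actually contain SSI directives (Kristofer's point about mostly static files) and which #include paths climb to a parent directory with "..", the case the Parent Paths setting WenJun refers to concerns. The sample site, its file names and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# SSI directive form: <!--#name attr="value" --> (optional space before '#')
DIRECTIVE = re.compile(
    r'<!--\s*#(\w+)((?:\s+\w+\s*=\s*"[^"]*")*)\s*-->', re.IGNORECASE)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def audit_tree(root):
    """Return (static, ssi, parent_includes) for .htm/.html files under root."""
    static, ssi, parent_includes = [], [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        directives = DIRECTIVE.findall(text)
        (ssi if directives else static).append(rel)
        for name, attrs in directives:
            if name.lower() != "include":
                continue
            for key, value in ATTR.findall(attrs):
                segments = value.replace("\\", "/").split("/")
                if key.lower() in ("file", "virtual") and ".." in segments:
                    parent_includes.append((rel, value))
    return static, ssi, parent_includes

def build_sample(root):
    """Write a small constructed site (not taken from the thread)."""
    pages = {
        "index.htm": '<html><!--#include file="inc/header.htm" --><p>home</p></html>',
        "about.html": "<html><p>static page</p></html>",
        "inc/header.htm": "<div>header</div>",
        "docs/page.htm": '<!-- #include file="..\\inc\\header.htm" --><p>doc</p>',
    }
    for rel, body in pages.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

def run_sample():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit_tree(tmp)

if __name__ == "__main__":
    print(run_sample())
```

Pointing audit_tree at a real web root gives the ratio of static to SSI-bearing files and the list of includes to review before the mapping is changed.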