Using Server-Side Include Directives
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Server-side include (SSI) directives instruct the Web server to insert various types of content into a Web page. These types of content can include the value of a server variable (sometimes called a CGI variable), the output of a shell command, a modification date and/or size of a file, or the contents of another file (when the #include statement is used). Directives can also include a string of SSI errors.
You can use SSI directives to instruct the Web server to include text, graphics, or application output into a Web page just before sending that information to the browser. You can use SSI to include, for example, a time/date stamp, a copyright notice, or a form for a customer to fill out and return. Including a file is an easy way to incorporate text or links to graphics that are repeated in many files. SSI provides special preprocessing directives that help you access information about a file or display the value of a server variable. SSI also provides a directive that you can use to insert the output from an application or a shell command into a Web page. Rather than adding the content or output to every file, you can save the content into an include file. The include files are called through a simple statement that instructs the Web server to insert the content or output into the applicable Web pages.
IIS processes SSI directives while it processes the Web page. When the Web server reaches an SSI directive, it inserts the contents of the include file, or the output of the application directly into the Web page. If the include file contains an SSI directive, that file or output is also inserted. In addition to the basic directive used to include a file, you can use SSI directives to insert information about a file (such as its size) or to run an application or a shell command.
By default, IIS is set to process server-side include files with the file name extensions .stm, .shtm, or .shtml, although you can configure other file name extensions to be processed as well. IIS also looks for and processes the #include directive in files with the .asp file name extension. Ensure that all files containing SSI directives have a defined SSI file name extension. Furthermore, SSI directives, as well as other script maps, work in any file whose file name extension is mapped to the ssinc.dll. If, for some reason, the extensions were deleted from the applications mappings list, use the procedure below to add the SSI file name extensions to the list.
Also be sure to put SSI files into a directory with Scripts or Execute access permissions. You should limit user access to this directory to avoid attacks by malicious users. For more information, see Access Control with IIS 6.0 and Setting NTFS Permissions for Directories or Files.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To enable server-side includes
In IIS Manager, expand the local computer, right-click the Web Sites folder (to enable SSI on all Web sites) or right-click a specific Web site, and click Properties.
Click the Home Directory tab.
In the Application settings section, click Configuration.
On the Mappings tab, click Add.
In the Add/Edit Application Extension Mapping dialog box, enter all of the required information.
Click OK.
To disable server-side includes on your IIS Web server, you must remove SSI extensions from the application mappings list. If your Web server receives a request for a page and the SSI extension has been removed, IIS will not process the SSI directive within the page. You can disable the processing of server-side include directives on all Web sites or on a specific Web site.
To disable server-side includes
In IIS Manager, expand the local computer, right-click the Web Sites folder (to disable SSI on all Web sites) or right-click a specific Web site, and click Properties.
Click the Home Directory tab.
In the Application settings section, click Configuration.
On the Mappings tab, scroll down in the Application Mappings list, click the SSI extension you wish to disable, and then click Remove.
Click OK.
Related Information
For information about enabling the execution of shell commands, see the SSIEnableCmdDirective section in WWW Service Registry Entries.
For specific programmatic information about implementing server-side include directives, search for "ssi" on the Microsoft Developer Network (MSDN) Web site.