|
Server Tip:
Hiding Your SSIs
by Tom Dahm,
Chief Operations Officer,
NetMechanic, Inc.
Server Side Includes are a great way to simplify site maintenance. So why do you see so few Web pages with the .shtml extension? The reason is that most people customize their server to allow SSIs for normal file extensions. You can do this even if you don't run your own Web server.
Last month we saw how to use Server Side Includes to make your site easier to maintain. By using SSIs, you can break your site into a series of reusable components, so a change to one file is reflected on every page on your site.
We also saw that SSIs take some special server configuration. Usually you'll have to ask your Web hosting company to enable SSIs for your site.
But that still leaves the .shtml file extension, which we'd like to avoid. Why do we care? Because, while SSIs are a powerful technology, they also have some security risks. Using SSIs makes your Web site more vulnerable to a hacker attack. The risk isn't great, it's there all the same. So if there's an easy way to disguise the fact that we're using SSIs, then we should do it.
Fortunately, it's easy to tell your Web server to look for SSIs inside files having the .html extension. And you can do this even if you rent space on someone else's server.
The method for doing this is to place a server directive inside your .htaccess file. A few months ago we showed you how to use this approach to create a custom "File Not Found" page for your site. If you're unfamiliar with .htaccess files, you may want to review that story to learn how they work.
To set up our .htaccess file so we can hide our SSIs, we need to add a new line to the file, like this:
AddHandler server-parsed .html
|
That's it!
Depending on your Web server, this line may not look exactly like it does above. Our example shows how to use the AddHandler directive for Apache, the world's most popular Web server. If your hosting company runs a different Web server, you may have to ask them for the proper syntax to set up an AddHandler directive.
The AddHandler directive tells the Web server to treat all .html files in your site as if they had the .shtml extension. That means that when the server gets a request for a Web page, it will scan each line of your HTML file looking for Server Side Include statements. Whenever the server finds an SSI, it executes the statement and inserts the results into the data it sends to the Web browser.
There is a downside to this: you're now putting an extra processing load on your server. The server now has to review every line of every page in your site before sending it to a browser. That can tie up server resources and make your site slower. Because of that, you may want to think twice about using SSIs, especially if you're sharing a server with other Web sites.
However, we've run a number of server performance studies that show the penalty from SSIs to be slight. Unless your server is under a heavy load already, you should be able to use SSIs with no noticeable difference in performance. Because SSIs can dramatically ease your site's maintenance, we think they're worth it.
Not sure how well your Web server is performing? Use Server Check to find out.
|
