Configuring NT4 Server for SSI's

[jasony]

I need to configure my server for SSI's. What needs to be done? Is it all handled through IIS or not?<br>
<br>
I've read that it can be dangerous if html is defined as the SSI extension, so I want to make sure that I do this correctly.<br>

 

[Warcorp]

Server Side Includes are handled through IIS (Starting with v. 1.0). I would though be on IIS4.0, with SP4 or above for NT. You should leave the SSI extension at it's default (*stm). But as long as a couple thing happen you should be fairly safe. First, make sure the ¦USR_Servername account has only read access to the stm (or valid SSI extension) and disable the #EXEC (MS Q195291)function for server side includes (Probably no reason to start a command prompt on the server). Just some advice, the SSI is very specific to you application. In many cases the security requirements are vastly different for each kind of app running so you will need to look at it from that angle and at each app to find where there may be security issues.. <p>Jim Collin<br><a href=mailto:Jim@collin.cc>Jim@collin.cc</a><br><a href=

http://www.collin.cc>Collin

Technologies</a><br>Consumer Technology Integration<br>

 

[jasony]

Jim-<br>
Thanks for the reply. I discovered that everything looked like it was configured correctly, but I am waiting to hear back from the individual who was having trouble with their pages to see if they are running correctly now.<br>
Another find was that index.shtm was not configured in the list of default documents, so their main page wasn't viewable at all.<br>
I'll post again if I have any other questions or problems...<br>
<br>
Thanks again,<br>
<br>
Jason<br>