Shtml and asp are similar. In files named after Shtml, some ssi instructions are used, just like the instructions in Asp. You can write SSI instructions in the SHTML file. When the client accesses these shtml files,
The server side will read and interpret these SHTML files, and interpret the SSI instructions contained in the SHTML file. For example: You can use SSI instructions to refer to other html files (#include) in the SHTML file. The file sent by the server to the client is that the already explained SHTML does not have SSI instructions. It implements functions that HTML does not have, that is, it can implement dynamics
SHTML can be said to be an evolution of HTML. Like Sina's news system, the news content is fixed, but the advertisements and menus on it are quoted in #include.
Currently, there are mainly the following uses:
1. Display server-side environment variables <#echo>
2. Insert the text content directly into the document <#include>
3. Display WEB document related information <#flastmod><#fsize> (such as file creation date/size, etc.)
4. Directly execute various programs on the server <#exec> (such as CGI or other executable programs)
5. Set the SSI information display format <#config> (such as file creation date/size display method)
Advanced SSI<XSSI> can set variables to use if conditional statements.
Using SSI
SSI is a set of commands provided for WEB servers. These commands are only embedded directly into the comment content of the HTML document. like:
<#include file=info.htm-->
It is an SSI directive, which is used to copy the content of info.htm to the current page. When the visitor browses, he will see that other HTML documents display the content of info.htm.
The usage forms of other SSI instructions are basically the same as those mentioned just now. It can be seen that the usage of SSI is just inserting a little code, and the usage forms are very simple.
Of course, if the WEB server does not support SSI, it will simply treat it as annotation information and skip the content directly; the browser will also ignore this information.
How to configure SSI functionality on my WEB server?
On some WEB servers (such as IIS 4.0/SAMBAR 4.2), files containing the #include directive must use an extension that has been mapped to the SSI interpreter; otherwise, the Web server will not process the SSI directive; by default, the extensions .stm, .shtm, and .shtml are mapped to the interpreter (Ssinc.dll).
Apache is based on your settings, modify srm.conf such as:
AddType text/x-server-parsed-html .shtml will parse SSI directives only for files with .shtml extension
AddType text/x-server-parsed-html .html will parse SSI directives for all HTML documents
Netscape WEB server can directly use Administration Server (Administrative Server) to enable SSI function.
Website uses the Mapping tag in the Server Admin program, and adds the content type as: wwwserver/html-ssi
The Cern server does not support SSI. You can use SSI scam method. Download a PERL script on http://sw.cse.bris.ac.uk/WebTools/fakessi.html to make your CERN server use some SSI instructions. (The exec directive is not supported.)
Basic SSI instruction format
Basic SSI instruction format:
Program code:
<!---- Instruction Name = Instruction Parameters>
<!---- Instruction Name = Instruction Parameters>
like
Program code:
<#include file=info.htm-->
<#include file=info.htm-->
illustrate:
1. <!-- --> is annotation in HTML syntax. This information will be ignored when the WEB server does not support SSI.
2. #include is one of the SSI directives.
3. file is the parameter of include, info.htm is the parameter value, and refers to the document name to be included in this instruction.
Notice:
1. <!--There is no space between the # number, only the SSI instructions and parameters exist.
2. The above punctuation =, no one can be missing.
3. SSI instructions are case sensitive, so parameters must be lowercase to work.
Detailed explanation of the use of SSI instructions
#echo Demonstration
effect:
Insert environment variables into the page.
grammar:
Program code:
<!--#echo var=Variable name-->
<!--#echo var=Variable name-->
Name of this document: Program code:
<!--#echo var=DOCUMENT_NAME-->
<!--#echo var=DOCUMENT_NAME-->
Current time: Program code:
<!--#echo var=DATE_LOCAL-->
<!--#echo var=DATE_LOCAL-->
Your IP address is the program code:
<!--#echo var=REMOTE_ADDR-->
<!--#echo var=REMOTE_ADDR-->
#include Demonstration
effect:
Insert the contents of the text file directly into the document page.
grammar:
Program code:
<#include file=file name-->
<#include virtual=File name-->
<#include file=file name-->
<#include virtual=File name-->
The file file name is a relative path relative to the directory where the document using the #include directive is located. The included files can be in the same level directory or its subdirectories, but not in the previous level directory. If the nav_head.htm document in the current directory is file=nav_head.htm.
The virtual file name is the full path to the virtual directory on the Web site. If it means the nav_head.htm file in the hoyi directory under the root directory of the server document; then it is file=/hoyi/nav_head.htm
parameter:
file Specifies the location of the containing file relative to this document
virtual Specifies the location relative to the root directory of the server document
Notice:
1. The file name must have an extension.
2. The included files can have any file extension. I think it is most convenient to use the htm extension directly. Microsoft recommends using the .inc extension (it depends on your hobby).
Example:
Program code:
<#include file=nav_head.htm-->Insert the header file to the current page
<#include file=nav_foot.htm-->Insert the tail file to the current page
<#include file=nav_head.htm-->Insert the header file to the current page
<#include file=nav_foot.htm-->Insert the tail file to the current page
#flastmod and #fsize demonstrations
Function: #flastmod file last update date
#fsize file length
grammar:
Program code:
<!--#flastmod file=file name-->
<!--#fsize file=file name-->
<!--#flastmod file=file name-->
<!--#fsize file=file name-->
parameter:
file specifies the location of the containing file relative to this document, such as info.txt, which represents the info.txt document in the current directory.
virtual specifies the location relative to the root directory of the server document, such as /hoyi/info.txt
Notice:
The file name must have an extension.
Example:
Program code:
<!--#flastmod file=news.htm-->
<!--#flastmod file=news.htm-->
Insert the latest update date of the news.htm file in the current directory into the current page
Program code:
<!--#fsize file=news.htm-->
<!--#fsize file=news.htm-->
Enter the file size of news.htm in the current directory into the current page
#exec Demonstration
effect:
Insert the output of an external program into the page. It can be inserted into CGI programs or input from a regular application, depending on whether the parameters used are cmd or cgi.
grammar:
Program code:
<!--#exec cmd=File name-->
<!--#exec cgi=file name-->
<!--#exec cmd=File name-->
<!--#exec cgi=file name-->
parameter:
cmd regular applications
cgi CGI script program
Example:
Program code:
<!--#exec cmd=cat /etc/passwd--> will display the password file
<!--#exec cmd=dir /b--> will display the list of files in the current directory
<!--#exec cgi=/cgi-bin/gb.cgi-->The CGI program gb.cgi will be executed.
<!--#exec cgi=/cgi-bin/access_log.cgi-->The CGI program access_log.cgi will be executed.
<!--#exec cmd=cat /etc/passwd--> will display the password file
<!--#exec cmd=dir /b--> will display the list of files in the current directory
<!--#exec cgi=/cgi-bin/gb.cgi-->The CGI program gb.cgi will be executed.
<!--#exec cgi=/cgi-bin/access_log.cgi-->The CGI program access_log.cgi will be executed.
Notice:
As can be seen from the above example, this instruction is quite convenient, but there are also security issues.
Prohibited method:
. Apache, delete the Options Includes ExecCGI line in access.conf;
. In IIS, to disable the #exec command, you can modify the SSIExecDisable metadatabase;
#config
Function: Specifies the format of the error message, date and file size returned to the client browser.
grammar:
Program code:
<!--#configerrmsg=custom error message-->
<!--#configsizefmt=display unit-->
<!--#configtimefmt=display format-->
<!--#configerrmsg=custom error message-->
<!--#configsizefmt=display unit-->
<!--#configtimefmt=display format-->
parameter:
errmsg Custom SSI execution error messages can be used in any way you like.
sizefmt file size display method, default is byte method (bytes) can be changed to kilobyte method (abbrev)
timefmt Time display method, the most flexible configuration attribute.
Example: Shows the size of a file that does not exist
Program code:
<!--#configerrmsg=Server execution error, please contact the administrator [email protected], thank you! -->
<!--#fsize file=No file.htm-->
<!--#configerrmsg=Server execution error, please contact the administrator [email protected], thank you! -->
<!--#fsize file=No file.htm-->
Display file size in kilobytes
Program code:
<!--#configsizefmt=abbrev-->
<!--#fsizefile=news.htm-->
<!--#configsizefmt=abbrev-->
<!--#fsizefile=news.htm-->
Display time in a specific time format
Program code:
<!--#configtimefmt=%Y year/%m month%d day and week %W Beijing time %H:%M:%s, %Y year has passed %j days Today is the %U week of %Y year-->
<!--#echo var=DATE_LOCAL--> Shows what day of the week, month, and time zone it is today
<!--#configtimefmt=Today's %A, %B, the server time zone is %z, yes-->
<!--#echo var=DATE_LOCAL-->
<!--#configtimefmt=%Y year/%m month%d day and week %W Beijing time %H:%M:%s, %Y year has passed %j days Today is the %U week of %Y year-->
<!--#echo var=DATE_LOCAL--> Shows what day of the week, month, and time zone it is today
<!--#configtimefmt=Today's %A, %B, the server time zone is %z, yes-->
<!--#echo var=DATE_LOCAL-->
XSSI
XSSI (Extended SSI) is a set of advanced SSI instructions built into the mod-include module of Apache 1.2 or later.
Among them, the available instructions are:
#printenv
#set
#if
#printenv
Function: Displays all environment variables currently present in the WEB server environment.
Syntax: Program code:
<!--#printenv-->
<!--#printenv-->
Parameters: None
Example:
Program code:
<!--#printenv-->
<!--#printenv-->
#set
Function: You can assign values to variables to be used in the subsequent if statement.
Syntax: Program code:
<!--#set var=variable name value=variable value-->
<!--#set var=variable name value=variable value-->
Parameters: None
Example: Program code:
<!--#set var=colorvalue=red-->
<!--#set var=colorvalue=red-->
#if
Function: Create a page that can change the data, which is displayed according to the calculation requirements when using the if statement.
Syntax: Program code:
<!--#if expr=$variable name=variable value A-->
Show content
<!--#elif expr=$variable name=variable value B-->
Show content
<!--#else-->
Show content
<!--#endif-->
<!--#if expr=$variable name=variable value A-->
Show content
<!--#elif expr=$variable name=variable value B-->
Show content
<!--#else-->
Show content
<!--#endif-->
Example:
Program code:
<!--#if expr=$SERVER_NAME=http://www.31896.net/-->
Welcome to the server security discussion area http://www.31896.net/.
<!--#elif expr=$SERVER_NAME=http://www.fineacer.org/ -->
Welcome to Qingchang Computer Network Security Online http://www.fineacer.org/.
<!--#else-->
Welcome to the server security discussion area!
<!--#endif-->
<!--#if expr=$SERVER_NAME=http://www.31896.net/-->
Welcome to the server security discussion area http://www.31896.net/.
<!--#elif expr=$SERVER_NAME=http://www.fineacer.org/ -->
Welcome to Qingchang Computer Network Security Online http://www.fineacer.org/.
<!--#else-->
Welcome to the server security discussion area!
<!--#endif-->
Note: The backslashes used in the previous instructions are used to replace the internal quotes so that they are not interpreted as ending expressions. Not omitted.
1. Config command
The Config command is mainly used to modify the default settings of SSI. in:
Errmsg: Set the default error message. In order to return the error information set by the user normally, the Errmsg parameter must be placed in front of other SSI commands in the HTML file, otherwise the client can only display the default error information instead of the custom information set by the user.
<!--#configerrmsg=Error! Please email [email protected] -->
Timefmt: Defines the usage format of date and time. The Timefmt parameter must be used before the echo command.
<!--#configtimefmt=%A, %B %d, %Y-->
<!--#echo var=LAST_MODIFIED -->
The results are displayed as:
Wednesday, April 12, 2000
Perhaps users are unfamiliar with the %A %B %d used in the above example. Let’s summarize some of the more commonly used date and time formats in SSI in the form of a table.
Sizefmt: Determines whether the file size is expressed in bytes, kilobytes or megabytes. If in bytes, the parameter value is bytes; abbreviation can be used for kilobytes and megabytes. Similarly, the sizefmt parameter must be placed before the fsize command to be used.
<!--#configsizefmt=bytes -->
<!--#fsize file=index.html -->
2. Include command
The Include command can insert text or pictures from other documents into the currently parsed document, which is the key to the entire SSI. Through the Include command, you only need to change one file to update the entire site instantly!
The Include command has two different parameters:
Virtual: Gives a virtual path to a document on the server side. For example:
<#include virtual=/includes/header.html -->
File: Gives the relative path to the current directory, where ../ cannot be used, nor can the absolute path be used. For example:
<#include file=header.html -->
This requires that each directory contains a header.html file.
3. Echo command
The Echo command can display the following environment variables:
DOCUMENT_NAME: Displays the name of the current document.
<!--#echo var=DOCUMENT_NAME -->
The results are displayed as:
index.html
DOCUMENT_URI: Displays the virtual path to the current document. For example:
<!--#echo var=DOCUMENT_URI -->
The results are displayed as:
/YourDirectory/YourFilename.html
As the website continues to grow, those URLs that are getting longer and longer will definitely be a headache. If you use SSI, everything will be solved. Because we can combine the domain name of the website and the SSI command to display the complete URL, that is:
http://yourdomain%3c!--/#echo var=& ... uot; -->
QUERY_STRING_UNESCAPED: Displays the query string sent by the client that has not been escaped, with all special characters preceded by escape characters. For example:
<!--#echo var=QUERY_STRING_UNESCAPED -->
DATE_LOCAL: Displays the date and time of the server setting time zone. Users can customize the output information based on the timefmt parameter of the config command. For example:
<!--#configtimefmt=%A, the %d of %B, in the year %Y -->
<!--#echo var=DATE_LOCAL -->
The results are displayed as:
Saturday, the 15 of April, in the year 2000
DATE_GMT: The function is the same as DATE_LOCAL, except that it returns a date based on GMT. For example:
<!--#echo var=DATE_GMT -->
LAST_MODIFIED: Displays the last update time of the current document. Similarly, this is a very practical feature in SSI. As long as you add the following simple text to the HTML document, you can dynamically display the update time on the page.
<!--#echo var=LAST_MODIFIED -->
CGI environment variables
In addition to SSI environment variables, the echo command can also display the following CGI environment variables:
SERVER_SOFTWARE: Displays the name and version of the server software. For example:
<!--#echo var=SERVER_SOFTWARE -->
SERVER_NAME: Displays the server's host name, DNS alias, or IP address. For example:
<!--#echo var=SERVER_NAME -->
SERVER_PROTOCOL: Displays the protocol name and version used by the client request, such as HTTP/1.0. For example:
<!--#echo var=SERVER_PROTOCOL -->
SERVER_PORT: Displays the response port of the server. For example:
<!--#echo var=SERVER_PORT -->
REQUEST_METHOD: Displays the client's document request method, including GET, HEAD, and POST. For example:
<!--#echo var=REQUEST_METHOD -->
REMOTE_HOST: Displays the name of the client host that issued the request message.
<!--#echo var=REMOTE_HOST -->
REMOTE_ADDR: Displays the IP address of the client that issued the request information.
<!--#echo var=REMOTE_ADDR -->
AUTH_TYPE: Displays the authentication method of user identity.
<!--#echo var=AUTH_TYPE -->
REMOTE_USER: Displays the account name used by the user accessing the protected page.
<!--#echo var=REMOTE_USER -->
4. Fsize: Displays the size of the specified file. You can customize the output format with the sizefmt parameter of the config command.
<!--#fsize file=index_working.html -->
5. Flastmod: Displays the last modification date of the specified file. You can control the output format with the timefmt parameter of the config command.
<!--#configtimefmt=%A, the %d of %B, in the year %Y -->
<!--#flastmod file=file.html -->
Here, we can use the flastmod parameter to display the update date of all linked pages on a page. The method is as follows:
<!--#configtimefmt= %B %d, %Y -->
<A HREF=/directory/file.html>File</A>
<!--#flastmod virtual=/directory/file.html -->
<A HREF=/another_directory/another_file.html>Another File</A>
<!--#flastmod virtual=/another_directory/another_file.html -->
The results are displayed as:
File April 19, 2000
Another File January 08, 2000
6. Exec
The Exec command can execute CGI scripts or shell commands. How to use it is as follows:
Cmd: Use /bin/sh to execute the specified string. If SSI uses the IncludesNOEXEC option, the command will be blocked.
Cgi: Can be used to execute CGI scripts. For example, in the following example, use the counter.pl script program under the server cgi-bin directory to place a counter on each page:
<!--#exec cgi=/cgi-bin/counter.pl -->