Freepages-Help-L Archives
From: Elsi <>
Subject: Re: [FreeHelp] Include file
Date: Mon, 30 Jun 2003 16:43:54 -0500
At 10:28 PM 6/30/2003 +0100, Adrian Furniss wrote:
> >>Why on earth the SSI gurus should have designed it this way I know not!
> >My suspicion is that it had something to do with security. ../ from your
> >home directory takes you into the server root -- and the webmaster may not
> >want to allow users to imbed files from the server's own directories.
>I've always assumed it's a security thing too and agree, webmasters might
>well want to outlaw such access, but still doesn't explain (to me) why both
>#..file and #..virtual are necessary. After all, there must still be an
>inhibition in interpreting #..virtual to prevent access above "/".
>I wonder if the Apache-SSI configuration settings allow <#include
>virtual=...> to be turned off while leaving <#include file=...> intact?
>That's the only thing that would make any kind of sense.
Well, my sentence did say 'had' something to do with security. At the
current levels of Apache, you cannot turn on include file without also
turning on include virtual. Research into the history of Apache might
reveal some information on how SSI processing has evolved. It probably
didn't spring up in the form that we see it today.
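
The two attributes discussed in this thread follow different path rules, modelled here as an added example that is not part of the original message and is not Apache's code. It is a simplified model of the behaviour the mod_include documentation describes: `file=` is a filesystem path that may not be absolute or contain `../`, while `virtual=` is a URL-path that stays inside the server's URL space. The `DOCROOT` value, the sample paths and all function names are assumptions made for illustration.

```python
import posixpath

DOCROOT = "/var/www/html"  # constructed sample DocumentRoot (assumption)

class IncludeRefused(ValueError):
    """The include target breaks the rule for its attribute."""

def resolve_file(current_doc_fs, target):
    """file=: filesystem path relative to the current document's directory.
    Absolute paths and any ../ segment are refused outright."""
    if target.startswith("/"):
        raise IncludeRefused("file= may not be an absolute path")
    if ".." in target.split("/"):
        raise IncludeRefused("file= may not contain ../")
    base = posixpath.dirname(current_doc_fs)
    return posixpath.normpath(posixpath.join(base, target))

def resolve_virtual(current_doc_url, target):
    """virtual=: URL-path, relative to the current document unless it starts
    with /. ../ is allowed, but the result is still a URL on this server."""
    if "://" in target or target.startswith("//"):
        raise IncludeRefused("virtual= takes a path only, no scheme or host")
    path = target.split("?", 1)[0]          # drop the optional query string
    if not path.startswith("/"):
        path = posixpath.join(posixpath.dirname(current_doc_url), path)
    return posixpath.normpath(path)         # surplus ../ collapses at "/"

def url_to_fs(url_path, docroot=DOCROOT):
    """Simplified URL-to-file mapping: every URL lands under docroot."""
    return docroot + url_path

if __name__ == "__main__":
    page_url = "/users/alice/index.shtml"   # constructed sample page
    page_fs = url_to_fs(page_url)
    print(resolve_file(page_fs, "inc/footer.html"))
    for bad in ("../shared/header.html", "/etc/motd"):
        try:
            resolve_file(page_fs, bad)
        except IncludeRefused as exc:
            print("refused:", bad, "->", exc)
    print(url_to_fs(resolve_virtual(page_url, "../shared/header.html")))
    print(url_to_fs(resolve_virtual(page_url, "../../../../private/notes.txt")))
```

In this model the check against climbing above "/" that the quoted message expects falls out of URL normalisation: the last call still maps to a file under `DOCROOT`.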