IIS SSI's?
June 29, 2009 1:31 PM   Subscribe

How do I get Server Side Includes working in pages with a .htm extension on IIS?

It's supposed to be straight forward—you pretty much just add the extension according to every resource I can find online—but it's just not working.

I'm working indirectly with the server, I have to go through an admin that doesn't know much about the specifics of IIS and I'm an Apache guy.

Initially they weren't working at all, until the server admin found a universal kill switch somewhere that disabled SSI's on all sites. Now they work fine if I use an .shtm extension, but not .htm even though that extension has been set up.

Is there somewhere else I need to look?
posted by Mr. Anthropomorphism to Computers & Internet (5 answers total)
 
What version of IIS are you running? It's way, way different in IIS 7.

It's usually Windows 2008:IIS 7. IIS 4 - 6 are very similar.
posted by adipocere at 1:37 PM on June 29, 2009


I doubt this will be much help, but two thoughts:

One, you did restart IIS after making the changes, right?

Two, it has been my experience, more often than not, that when you make changes like that in IIS, and hit apply and save and all that, it doesn't actually "take" the first time. It's a mystery to me why not; I'm used to OSes where stuff like that works the first time. But many, many times I've had a sysadmin swear up and down to me that they've changed a setting, I've pleaded with them to "just do it again," and, lo and behold, second time's the charm.
posted by bricoleur at 4:07 PM on June 29, 2009


Response by poster: Sorry, IIS 6, and yes we did give the whole server instance a reboot... but I guess we could try again!
posted by Mr. Anthropomorphism at 4:34 PM on June 29, 2009


Best answer:
  1. Navigate to "Web Service Extensions"
    1. Be sure to make the following "allowed" by right-clicking on them:
      1. Active Server Pages
      2. Perl CGI Extension
      3. Perl ISAPI Extension
      4. PerlEx ISAPI Extension
      5. Server Side Includes

    2. Make sure the following are disallowed by right-clicking on them:
      1. All Unknown CGI Extensions
      2. All Unknown ISAPI Extensions
      3. FrontPage Server Extensions
      4. Internet Data Connector
      5. WebDAV

  2. Right-click on "Web Sites" and select "Properties."
    1. "Web Site" tab
      1. Click the "Properties" button in the logging section
        1. In the "General" tab, make sure that "Daily" is checked.
        2. In the "Advanced" tab, make sure all of the extended properties are checked except "Cookie."
        3. Click the "OK" button.

    2. "Documents" tab
      1. Check "Enable the default content page."
      2. "Add" and sort the content page until the order is as follows:
        1. index.html
        2. index.htm
        3. index.pl
        4. index.asp
        5. default.html
        6. default.htm
        7. default.asp
        8. default.pl

      3. "Directory Security" tab
        1. Under "Authentication and access control," click on "Edit."
        2. Make sure "Enable anonymous access" is checked.
        3. Make sure that the user name is "redacted," which matches the permissions scripts below.
        4. Make sure that the "Integrated Windows authentication" is checked.
        5. Click the "OK" button.
    Setup of www.site.com
    1. "Web Site" tab
      1. "Description" should be www.site.com
      2. Click the "Advanced" button and make sure the following entries are present:
        1. "256.256.256.256", "80", "www.site.com" (obviously a fake IP)
        2. "256.256.256.256", "80", "" (obviously a fake IP)

      3. Click the "Properties" button in the logging section
        1. In the "General" tab, browse to Y:\srv\www.site.com\logs for the logs.
        2. Click the "OK" button.

    2. "Home Directory" tab
      1. Browse to Y:\srv\www.site.com\www\html
      2. Make sure that only "Read" and "Log visits" are checked
      3. Uncheck the "Script source access" box.
      4. Click the "Configuration" button.
        1. Remove all extensions (to taste) except:
          • .asp
          • .aspx
          • .pl
          Note: You can finally do multiple selects, so this process is not as tedious as it once was.

        2. Add an extension .html like:
          1. Executable: %SystemDrive%\WINDOWS\system32\inetsrv\ssinc.dll (or the most appropriate SSI-capable DLL)
          2. Extension: .html
          3. Verbs: Limit to: GET,POST
          4. Script engine: Checked
          5. Verify that file exists: Checked
          6. Click the "OK" button.
          7. Repeat the previous steps for the .htm and .inc extensions.

        3. Click the "OK" button.

    3. Change "Execute Permissions" to "Scripts Only."
Rather than rebooting the whole server, you can first try starting and stopping the web site. Should that fail, start and stop the application pool which serves the web site. Only after that fails should you reboot.
posted by adipocere at 7:12 AM on June 30, 2009


Response by poster: Marvelous, I've sent that along to Mr. Administrator. We'll find out if it works, but the above deserves a best answer for effort alone!

adipocere also answered my question via MeMail about using the ssinc.dll vs asp.dll:

For security reasons, I use the ssinc.dll rather than the ASP dll because, since ssinc.dll has only a subset of the fuctions of the ASP.dll, it should theoretically have fewer bugs and therefore fewer exploits. It's all very hypothetical, but there you go.
posted by Mr. Anthropomorphism at 8:14 AM on June 30, 2009


« Older save me from push pins!   |   down by the river - regex and poker cards Newer »
This thread is closed to new comments.


Tags

Share