Server Side Includes (SSI) is a simple interpreted server-side scripting language. Mainly, SSI consists of directives that are included in normal HTML pages.
To tell the server that the page contains SSI code, the filename extension must be .shtml, .stm or .shtm.
SSI has a very simple syntax:
<!--#directive parameter=value parameter=value -->As you can see the code is written inside HTML comments. This is to prevent execution is SSI is not enabled on the server.
There are two types of directives – common and control. Control directives are available only in some implementations.
The common SSI directives:
1. include directive. Parameters: file or virtual. With this directive you can easily include other files or scripts in your main file.
<!--#include virtual="file.cgi" -->
<!--#include file="htmlfile.html" -->2. exec directive. Parameters cgi or cmd. This directive allows you to execute server commands. Notice that many servers block access to the exec command.
<!--#exec cgi="/cgi-bin/cgiscript.cgi" -->
<!--#exec cmd="du -sh" -->3. echo directive. Parameters var. The parameter var refers to the HTTP environment variables. You can find the list of these variables here https://httpd.apache.org/docs/2.4/expr.html#vars REMOTE_ADDR, REMOTE_HOST, SERVER_PROTOCOL, CONTENT_TYPE etc
For example to display the remote host address
<!--#echo var="REMOTE_HOST" -->4. config directive. Parameters timefmt, sizefmt, or errmsg. This command formats the date and time, filesize and sets an error message in case of SSI errors.
<!--#config timefmt="%y %m %d" -->
<!--#config sizefmt="bytes" -->
<!--#config errmsg="Something is wrong - error message!" -->The default SSI error message(when no error message is set with errmsg) is:
[an error occurred while processing this directive]5. flastmod and fsize. Parameters file or virtual. flastmod gets the time when a file was last modified and fsize gets the size of a specific file.
<!--#flastmod virtual="index.html" -->
<!--#fsize file="index3.htm" -->Example of a test file:
File date is: <!--#flastmod virtual="test2.php" -->
<br>
File size is: <!--#fsize file="test2.php" --> bytesAnd the output when accessing the file
File date is: Wednesday, 04-Apr-2018 11:13:12 PDT
File size is: 96 bytesThe control SSI directives:
1. if / elif / else / endif directives. Parameters expr. This is just a simple implementation of the well-known if expression.
2. set directive. Parameters var, value. This directive assigns values to SSI variables.
<!--#set var="variable1" value="value-for-variable1" -->3. printenv directive. This directive has no parameters, is available only on Apache web servers, and will print all SSI variables and their values.
<!--#printenv -->Output example for this directive:
UNIQUE_ID=XsjIpMvG9yjRsoJ8v6ieCAAAAAI SCRIPT_URL=/phtest.shtml SCRIPT_URI=http://example.com/phtest.shtml HTTP_HOST=example.com HTTP_CONNECTION=keep-alive HTTP_UPGRADE_INSECURE_REQUESTS=1 HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 HTTP_ACCEPT_ENCODING=gzip, deflate HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.9,ro;q=0.8,he;q=0.7 HTTP_COOKIE=PHPSESSID=000582643738fa3fd74cc7a480436ccb; DefaultUserInterfaceType=Desktop; UserInterfaceType=Desktop; YII_CSRF_TOKEN=accc45e05905e14e04e7811d73ca7f961822f02d; CATS=qln9mcbls2relhffvl9rud8ch7; settings=%22.Video_Control%2Cnull%2Cvideo%2Cnull%7Bfilter%3A%20contrast(100%25)brightness(100%25)saturate(100%25)sepia(0%25)%20url(%23Sharpen0)%20url(%23MIRROR0)%20url(%23Video_Control_Gamma)%20!important%3Btransform%3Ascalex(1)%3Btransition%3A%200.5s%3B%7D%22; _ga=GA1.2.1150765429.1587567878; thirdparty.check=303 PATH=/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin SERVER_SIGNATURE= SERVER_SOFTWARE=Apache SERVER_NAME=example.com SERVER_ADDR=162.255.11.11 SERVER_PORT=80 REMOTE_ADDR=11.11.11.11 DOCUMENT_ROOT=/home/example/public_html REQUEST_SCHEME=http CONTEXT_PREFIX= CONTEXT_DOCUMENT_ROOT=/home/example/public_html SERVER_ADMIN=webmaster@example.com SCRIPT_FILENAME=/home/example/public_html/phtest.shtml REMOTE_PORT=57254 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REQUEST_METHOD=GET QUERY_STRING= REQUEST_URI=/phtest.shtml SCRIPT_NAME=/phtest.shtml DATE_LOCAL=Friday, 22-May-2020 23:54:28 PDT DATE_GMT=Saturday, 23-May-2020 06:54:28 GMT LAST_MODIFIED=Friday, 22-May-2020 23:54:05 PDT DOCUMENT_URI=/phtest.shtml DOCUMENT_ARGS= USER_NAME=example DOCUMENT_NAME=phtest.shtml