You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Agenda-Agentur Berlin - Lars Vogelsang <vo...@agenda-agentur.de> on 2010/02/15 21:22:56 UTC

[users@httpd] Why is enabling SSI for .html files a risk?

Hi! 
In the security tips on Apache 1.3, 2.0 and 2.2 it is stated as follows:
"Enabling SSI for files with .html or .htm  extensions can be dangerous. This is especially true in a shared, or high traffic, server environment."
http://httpd.apache.org/docs/trunk/misc/security_tips.html
Enabling SSI increases server load, but why is it a risk? Does this apply only to enabling SSI for all .html files while the server is very busy (because that could cause a denial of service)?
I'm interested in whether enabling SSI for .html files is a risk for a single virtual hosting account (without/before high traffic).
Thanks in advance, Lars 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org