DeveloperSide.NET Forums

DeveloperSide.NET => Web.Developer Server Suite Community Edition,
Public Support Forum => Topic started by: pfm102 on April 20, 2008, 01:06:32 PM



Title: Getting SSIs working with v2
Post by: pfm102 on April 20, 2008, 01:06:32 PM
In conf\extra\suite-custom.conf, append:
Code:
<IfModule include_module>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddHandler server-parsed .shtml
</IfModule>
based on information read from http://httpd.apache.org/docs/2.2/howto/ssi.html (http://httpd.apache.org/docs/2.2/howto/ssi.html).[/li][/list]
   
Create a file conf\extra\vhosts\localhost\development.conf (which will get automatically included via the directive in the default virtual-host section in conf\extra\httpd-vhosts.conf) with:
Code:
<Directory "/www/vhosts/localhost/*/www">
AllowOverride All
Options +Includes
</Directory>
(The "AllowOverride All" directive is actually optional - I'd tried it with the "Options +Includes" directive in an .htaccess file within my current development site while trialing-and-erroring with this setup.  It also mirrors what I usually have available to me in 'production' on most cPanel-driven hosts)[/li][/list]

Comment out line 162 ("Include conf/extra/mod_security2/mod_security2.conf") in your httpd.conf file.  Obviously do not do this if security is something you values!  I honestly don't know why I needed to do this - it was based on turning up the error-log verbosity, and seeing an error message like
Code:
[ Sun Apr 20 13:09:28 2008] [ error] [ client 127.0.0.1] ModSecurity: Warning. Match of "rx (?:\\\\b(?:(?:i(?:nterplay|hdr|d3)|m(?:ovi|thd)|(?:ex|jf)if|f(?:lv|ws)|varg|cws)\\\\b|r(?:iff\\\\b|ar!B)|gif)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [ id "970903"] [ msg "ASP/JSP source code leakage"] [ severity "WARNING"] [ hostname "localhost"] [ uri "/foobar/www/index.shtml"] [ unique_id "2uHEsQosAFYAAA10AEUAAADY"]
which suggests to me that the regex is too stringent, or that I need to modify it to ignore my .shtml files.  I didn't really fancy messing with that, to be honest, and I have no inkling about what's going on within mod_security or its configuration (that's for the ops types, frankly!) to fancy opening up what to me is a can of worms.

So, there you have it.  SSIs on the community edition.  Once again; thank you for the time and effort that you've spent putting together this package!