DeveloperSide.NET Forums
December 06, 2019, 03:53:56 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Getting SSIs working with v2  (Read 5022 times)
0 Members and 1 Guest are viewing this topic.
pfm102
Member
*
Posts: 1


View Profile
« on: April 20, 2008, 01:06:32 PM »

In conf\extra\suite-custom.conf, append:
Code:
<IfModule include_module>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddHandler server-parsed .shtml
</IfModule>
based on information read from http://httpd.apache.org/docs/2.2/howto/ssi.html.[/li][/list]
   
Create a file conf\extra\vhosts\localhost\development.conf (which will get automatically included via the directive in the default virtual-host section in conf\extra\httpd-vhosts.conf) with:
Code:
<Directory "/www/vhosts/localhost/*/www">
AllowOverride All
Options +Includes
</Directory>
(The "AllowOverride All" directive is actually optional - I'd tried it with the "Options +Includes" directive in an .htaccess file within my current development site while trialing-and-erroring with this setup.  It also mirrors what I usually have available to me in 'production' on most cPanel-driven hosts)[/li][/list]

Comment out line 162 ("Include conf/extra/mod_security2/mod_security2.conf") in your httpd.conf file.  Obviously do not do this if security is something you values!  I honestly don't know why I needed to do this - it was based on turning up the error-log verbosity, and seeing an error message like
Code:
[ Sun Apr 20 13:09:28 2008] [ error] [ client 127.0.0.1] ModSecurity: Warning. Match of "rx (?:\\\\b(?:(?:i(?:nterplay|hdr|d3)|m(?:ovi|thd)|(?:ex|jf)if|f(?:lv|ws)|varg|cws)\\\\b|r(?:iff\\\\b|ar!B)|gif)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [ id "970903"] [ msg "ASP/JSP source code leakage"] [ severity "WARNING"] [ hostname "localhost"] [ uri "/foobar/www/index.shtml"] [ unique_id "2uHEsQosAFYAAA10AEUAAADY"]
which suggests to me that the regex is too stringent, or that I need to modify it to ignore my .shtml files.  I didn't really fancy messing with that, to be honest, and I have no inkling about what's going on within mod_security or its configuration (that's for the ops types, frankly!) to fancy opening up what to me is a can of worms.

So, there you have it.  SSIs on the community edition.  Once again; thank you for the time and effort that you've spent putting together this package!
« Last Edit: April 20, 2008, 01:15:23 PM by pfm102 » Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!