Running Commands with SSI

SSIs can be used to include content from virtually any command that can be run on your operating system. Want to display, who is working logged on you OS? try....
<!--#exec cmd="/usr/bin/who"-->
  Format it between a couple of <pre></pre> pairs and you get:  
king     ttyp0   Apr 14 10:14   (picard)
tracey   ttyp1   Apr 14 08:52   (
king     ttyp2   Apr 14 10:14   (picard:0.0)
irfan    ttyp3   Apr 14 23:23   (
erlend   ttyp4   Apr 15 11:19   (striker)
tonys    ttyp6   Apr 15 12:13   (
ccampbel ttyp7   Apr 15 14:58   (blob)
jkissel  ttyp8   Apr 15 15:49   (jaunty)
  Alternatively, we can run our script  

print "Content-type: text/html\n\n";
print "<html><head><title>hello world</title></head>";
print "<body><h1>Hello World</h1></body></html>";
  in-line and combine it with this document by including the following:  
<!--#exec cgi="/cgi-bin/"-->
  with predicable results  
[an error occurred while processing this directive]
  Useful? Well maybe. Dangerous? Yes and no depending on how much freedom you give you users, and how well you have your security screwed down.

You can enable server side includes, but selectively disable exec with the following.

# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you (or at least, not yet).

Options Indexes FollowSymLinks IncludesNOEXEC
  You might want to user either <Directory> or <Location> to limit which directories or locations have access to SSIs.  

More SSI Examples   RTFM Index   Including files with SSIs
Copyright © 2006 Open Source Migrations ltd. All Rights Reserved.
Apache RTFM last updated Saturday October 21 2006