httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Agenda-Agentur Berlin - Lars Vogelsang <>
Subject [users@httpd] Why is enabling SSI for .html files a risk?
Date Mon, 15 Feb 2010 20:22:56 GMT
In the security tips on Apache 1.3, 2.0 and 2.2 it is stated as follows:
"Enabling SSI for files with .html or .htm  extensions can be dangerous. This is especially
true in a shared, or high traffic, server environment."
Enabling SSI increases server load, but why is it a risk? Does this apply only to enabling
SSI for all .html files while the server is very busy (because that could cause a denial of
I'm interested in whether enabling SSI for .html files is a risk for a single virtual hosting
account (without/before high traffic).
Thanks in advance, Lars 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message