httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Agenda-Agentur Berlin - Lars Vogelsang <vogels...@agenda-agentur.de>
Subject [users@httpd] Why is enabling SSI for .html files a risk?
Date Mon, 15 Feb 2010 20:22:56 GMT
Hi! 
In the security tips on Apache 1.3, 2.0 and 2.2 it is stated as follows:
"Enabling SSI for files with .html or .htm  extensions can be dangerous. This is especially
true in a shared, or high traffic, server environment."
http://httpd.apache.org/docs/trunk/misc/security_tips.html
Enabling SSI increases server load, but why is it a risk? Does this apply only to enabling
SSI for all .html files while the server is very busy (because that could cause a denial of
service)?
I'm interested in whether enabling SSI for .html files is a risk for a single virtual hosting
account (without/before high traffic).
Thanks in advance, Lars 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message