Article ID: 195291 - Last Review: July 3, 2008 - Revision: 5.0 How to disable #exec in Server-Side Include flesThis article was previously published under Q195291 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/prodtech/IIS.mspx
(http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site: http://www.iis.net/default.aspx?tabid=1
(http://www.iis.net/default.aspx?tabid=1)
SUMMARY
For security reasons, Web administrators may want to disable the #exec
function in Server-Side Include (SSI) files.
MORE INFORMATIONImportant This article contains information about editing the Microsoft
Internet Information Server (IIS) metabase. Before you edit the metabase,
make sure you understand how to restore it if a problem occurs. For
information about how to do this, view the "Configuration Backup/Restore"
Help topic in the Internet Information Server snap-in for the Microsoft
Management Console (MMC).
Internet Information Server (IIS) versions 3.0 and later allow command- line or CGI programs to be executed, and their text output to be returned as Web output. This is accomplished through the use of Server-Side Include (SSI) commands. An example of this type of command is as follows: This functionality is enabled by default for the entire Web server. Web administrators may want to disable this feature. This is accomplished by performing the following steps:
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
