From: Astrid Malo To isolate the damage a wayward SSI file can cause, a server
administrator can enable suexec as
- described in the CGI in General section
Enabling SSI for files with .html or .htm extensions can be
dangerous. This is especially true in a shared, or high traffic,
@@ -220,7 +220,7 @@
programs from SSI pages. To do this replace Includes
with IncludesNOEXEC in the Options directive. Note that users may
still use <--#include virtual="..." --> to execute CGI scripts if
- these scripts are in directories desginated by a ScriptAlias directive.
ScriptAlias directive.
Pay particular attention to the interactions of Location and Directory directives; for instance, even
if <Directory /> denies access, a
- <Location /> directive might overturn it
Also be wary of playing games with the UserDir directive; setting it to
something like "./" would have the same effect, for root, as the first
diff --git a/docs/manual/misc/security_tips.xml b/docs/manual/misc/security_tips.xml
index 149ff7f091e..963e47bd730 100644
--- a/docs/manual/misc/security_tips.xml
+++ b/docs/manual/misc/security_tips.xml
@@ -205,7 +205,7 @@
To isolate the damage a wayward SSI file can cause, a server administrator can enable suexec as - described in the CGI in General section
+ described in the CGI in General section.Enabling SSI for files with .html or .htm extensions can be
dangerous. This is especially true in a shared, or high traffic,
@@ -218,7 +218,7 @@
with IncludesNOEXEC in the
<Directory /> denies access, a
- <Location /> directive might overturn it
+ <Location /> directive might overturn it.
Also be wary of playing games with the