Hello,

I'm trying to use includes on a form on our secure site, but they aren't working. Does the secure server have SSI enabled? The code had worked fine on a previous setup; here's an example:



<select name="specialty"><!--#include virtual="degreecodes.inc"--></select></p>

I tried "virtual" and "file" to see if that made a difference, but neither worked. The file is an .shtml file. Any ideas??

Thanks!

Paula

for that one, you use 'file' instead of 'virtual'
Have you tried to see if SSI worked on your server?

And also, some servers require a space before the '-->' to work. like this:
<!--#include file="degreecodes.inc" -->

Hmmm, I tried adding the space and using file, but still no luck. Thanks for the ideas tho! Anyone else have any experience with this?[nbsp]

Please identify your domain so that I can look closer?

--
Terra
sysAdmin
FutureQuest

Thanks for taking a look. It's iaglr.org

In particular, the following file:

https://xiaglr.merchantquest.net/members/renewal.shtml which calls the SSI files degreecodes.inc once and interestcodes.inc three times.

For now I hardcoded in the text of the includes in https://xiaglr.merchantquest.net/members/renewal.html so that we could get it to work, but the includes are for really long pick lists (103 items. gack!) so wanted to shorten the main page by using the includes.

Confirmed, with notation...

SSI is in fact working, but including a file/virtual is not...

Tracking down the config issue now...[nbsp][nbsp]Most likely this is a issue that snuck in during an upgrade...

--
Terra
sysAdmin
FutureQuest

It just dawned on me what is going on... A case of looking at the problem, instead of looking around the problem...

What you are running into is a new Security Control that was put into place for the PHP users...

<Files "*.inc">
Order allow,deny
Deny from all
</Files>

That is the Apache config culprit...

Many pre-canned PHP scripts use 'filename.inc' to hold sensitive information like MySQL login information with passwords...

This denies access to anyone trying to view this file directly, as was added into the SSL core for obvious e-commerce reasons...

PHP require() does not depend on Apache to deliver the file, rather it goes directly to the file and reads it in...

However, SSI "include virtual=file.inc" depends on a sub-request in Apache to deliver the file... That sub-request is being denied by the above <Files> directive...

The solution to your problem is to _not_ use the '.inc' extension for include files... Once you change this, your includes will once again start working as desired...

Hope this clears the confusion...

--
Terra
--Consider it a _feature_ and not a bug--
FutureQuest

Terra,

Thanks for tracking down the problem. Works like a charm! And a nice simple fix, too :) Always the best kind. BTW, we recently switched from another host, and I cannot begin to tell you the difference in customer support. The FQ team is great, and I'm so happy we made the move!

Paula