Server Side Includes – All You Need to Know About SSI

Server Side Includes (SSI) – Explanation

Jun 20, 2022

Sudip Sengupta

In web development, directives define custom tags translated to regular JavaScript, HTML, or CSS to modify a page’s Document Object Model. Server Side Inclusion represents the directives in a web document’s request header field that instruct the server to include additional data within the HTML output for dynamic content delivery.

This article explores what a Server Side Includes mechanism is, how attackers exploit it to orchestrate cyberattacks, common SSI attack examples, and frequently asked questions. 

What is Server-Side Includes (SSI)?

Server-Side Includes is a mechanism that helps developers insert dynamic content into HTML files without requiring knowledge of the server or client-side programming language specification. When the edge server executes an SSI, it reads through the file’s contents, finds the directives, acts on them, and then sends the resulting file to the browser/client app. This makes SSI a powerful feature for applications such as dynamic content assembly, file includes, inserting common header files, displaying content file sizes, and last modified dates.

In instances where a web server accepts user-controllable input and includes it in response headers that are parsed for SSI directives, attackers can inject directives or modify existing ones for malicious purposes. This attack mechanism is commonly known as the SSI injection attack, which allows the adversary to
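The processing pass and the injection risk described above, as an added example that is not from the original article: a toy directive expander (it handles only `echo`) run over a page that embeds a constructed visitor comment, once raw and once HTML-escaped. The template, variable values and function names are assumptions for illustration; a real server's SSI module supports more directives and its own variable set.

```python
import html
import re

# SSI directives are HTML comments of the form <!--#name attr="value" -->
SSI_DIRECTIVE = re.compile(r'<!--#\s*(\w+)((?:\s+\w+="[^"]*")*)\s*-->')
ATTR = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample data (not taken from any real server).
VARS = {"LAST_MODIFIED": "2022-06-20", "DOCUMENT_NAME": "index.shtml"}
TEMPLATE = ('<p>Updated <!--#echo var="LAST_MODIFIED" --></p>'
            '<p>Comment: {comment}</p>')

def expand_ssi(page, variables):
    """Toy server pass: find each directive, act on it, return the result.
    Only `echo` is implemented; any other directive is dropped."""
    def act(match):
        name = match.group(1)
        attrs = dict(ATTR.findall(match.group(2)))
        if name == "echo":
            return variables.get(attrs.get("var", ""), "(none)")
        return ""
    return SSI_DIRECTIVE.sub(act, page)

def find_directives(text):
    """Names of SSI directives present in untrusted input (log or reject)."""
    return [m.group(1) for m in SSI_DIRECTIVE.finditer(text)]

def render_unsafe(comment):
    # User input reaches the parsed page verbatim, so its directive runs.
    return expand_ssi(TEMPLATE.replace("{comment}", comment), VARS)

def render_safe(comment):
    # Escaping '<', '>' and '"' means the input no longer forms a directive;
    # the developer's own directive in the template still expands.
    return expand_ssi(TEMPLATE.replace("{comment}", html.escape(comment)), VARS)

if __name__ == "__main__":
    injected = 'hi <!--#echo var="DOCUMENT_NAME" -->'  # constructed input
    print(find_directives(injected))
    print(render_unsafe(injected))
    print(render_safe(injected))
```
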
