Issues with Server-Side Includes and .htaccess Files

Customer security is one of, if not the, top priority for us. We continually look for new ways to ensure our customers are safe, as well as improving our existing technology. With that in mind, we've recently upgraded Apache® on our Web servers to implement tighter security standards—protecting our customers from potential compromises.

However, with this upgrade comes some changes to how our environment handles .htaccess files.

• You do not need to enable Server-Side Includes for HTML files via .htaccess. They're enabled by default from Apache 2.2 and onward, and enabling them results in an error.
  
  If you use use "Option Includes," "Options -Includes," or "Options +Includes" in your .htaccess file, your Website might display a "500 - Internal Server Error." To get more information, you can enable error logs to show you the cause of the error, which is similar to this:
  [Wed Aug 31 03:13:37 2011] [alert] [client 127.0.0.1] /home/content/45/12345/html/.htaccess: Option Includes not allowed here
  To resolve this issue, remove the version of "Options Include" you use in your .htaccess file.
• If you override all "Options," instead of appending the server's default option, or if you use improper syntax, your Website can become vulnerable and experience functionality issues—such as HTML Server-Side Includes not functioning.
  
  To append, enable, or disable options in your .htaccess file, we recommend adding a + or - before the item you want to modify. Without using + or -, our default (the most secure) Option replaces yours and, as a security precaution, Server-Side Includes become unavailable.
  
  For example:
  • "Options +Indexes" is the preferred way to enable directory browsing.
  • "Options -Indexes" is the preferred way to disable directory browsing. This is also the default behavior.
  • "Options Indexes" still enables directory browsing, but also breaks Server-Side Includes in HTML files.
  If you do not use HTML Server-Side Includes, using "Options Indexes" probably won't affect your Website — but we encourage you to use the preferred method of enabling your .htaccess Options.

SSI-Related Errors

[an error occurred while processing this directive] Error

Either 403 errors (such as no default/index file) or SSI handling can cause this error.

If it isn't a 403 error, how you fix this error depends on how the file generating the error references other files.

• If the file generating the error and its references are in the same directory, replace <!--#include virtual="file.ext"> with <!--#include file="file.ext">.
• If the file and its references are in different directories, make sure the virtual element starts at the root of the hosting account, e.g. <!--#include virtual="/aliasdomaindir/anotherdir/file.ext">.

NOTE: The Server-Side Includes described here do not affect including files with dynamic scripting languages, such as PHP, Perl, or Python.