Forum

Hi Hugo,

Each time I try to view my website, It prompt me to download the file..
I looked at Manual page SSI-CGI but I am still not able to get it working..

Could you please help or post an example of static website on .shtml

Thank you

Have you set this option in your configuration?

CGIhandler = /usr/bin/ssi-cgi:shtml

No I didn't had it.
I added

CGIhandler = /usr/bin/ssi-cgi:shtml

in the main hiawatha.conf but the file are still prompt for download.
Is there anything to add to the

VirtualHost{}

Since .shtml files are handled via an external parser, you have to allow CGI exection for that virtual host.

VirtualHost {
  ...
  ExecuteCGI = yes
}

I alreadygot that option set.
Here is my config:

hiawatha/hiawatha.conf file

# Hiawatha main configuration file
#
# This is a hiawatha.conf to be use with WordPress.
#

# VARIABLES
# With 'set', you can declare a variable. Make sure the name of the
# variable doesn't conflict with any of the configuration options. The
# variables are case-sensitive and cannot be re-declared.
#
set LOCALHOST = 127.0.0.0/8
set MyIPv4 = 10.6.20.xx
#set MyIPv6 = fde4:8dba:82e1:ffff::42
set TrustedIP_1 = 83.xx.188.xxx         # office
set TrustedIP_2 = 84.8.xx.xxx           # head office
set TrustedIP_3 = 193.128.xxx.xx        # proxy server

# GENERAL SETTINGS
#
#MonitorServer = 192.168.1.125
ServerString = Hiawatha
ServerId = www:www
ConnectionsTotal = 4096         # Maximum number of simultaneous connections. Default = 100
ConnectionsPerIP = 32           # Maximum number of simultaneous connections per IP address. Default = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ThreadKillRate = 10
CacheSize = 8                   # Size of Hiawatha's internal file cache. Maximum is 1024 (megabytes). Default = 10
CacheMaxFilesize = 512          # Maximum size of a file Hiawatha will store in its internal cache. Default = 256
MaxUrlLength = 1000
MinTLSversion = TLS1.2
DHsize = 4096                   # Set the size of the Diffie-Hellman key. Default = 2048
SocketSendTimeout = 30
LogfileMask = deny LOCALHOST, deny MyIPv4, deny TrustedIP_1, deny TrustedIP_2, deny TrustedIP_3
RequestLimitMask = deny LOCALHOST, deny MyIPv4, deny TrustedIP_1, deny TrustedIP_2, deny TrustedIP_3


# BINDING SETTINGS
# A binding is where a client can connect to.
#
include bindings.conf

# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnInvalidURL = 60
BanOnMaxPerIP = 15
BanOnMaxReqSize = 300
BanOnWrongPassword = 3:900
BanOnSQLi = 3600
KickOnBan = yes
RebanDuringBan = yes
BanlistMask = deny LOCALHOST, deny MyIPv4, deny TrustedIP_1, deny TrustedIP_2, deny TrustedIP_3
ChallengeClient = 768, javascript, 15

# COMMON GATEWAY INTERFACE (CGI) SETTINGS
#
CGIhandler = /usr/local/bin/php-cgi:php
CGIhandler = /usr/local/bin/ssi-cgi:shtm

FastCGIserver {
        FastCGIid = PHP5-FPM
        ConnectTo = /var/run/php-fpm.sock
        Extension = php
}

# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
include toolkit.conf

# DEFAULT WEBSITE
# Use IP address as the hostname of the default website and give it a blank webpage.
# By doing so, automated webscanners won't find the possible vulnerable website.
#
Hostname = 127.0.0.1
#WebsiteRoot = /usr/local/www/default/httpdocs
WebsiteRoot = /usr/local/www/hiawatha
StartFile = index.html
AccessLogfile = /usr/local/www/default/logs/default.access.log
ErrorLogfile = /usr/local/www/default/logs/default.error.log
#ErrorHandler = 404:/error.cgi

include siteconf

hiawatha/devsite.conf file

VirtualHost {
   Hostname = dev.mydomain.co.uk, www.dev.mydomain.co.uk
   WebsiteRoot = /usr/local/www/development/httpdocs
   StartFile = index.shtml
   AccessLogfile = /usr/local/www/development/logs/default.access.log
   ErrorLogfile = /usr/local/www/development/logs/default.error.log
   TimeForCGI = 15
   UseFastCGI = PHP5-FPM
#   CGIhandler = /usr/local/bin/ssi-cgi:shtml
#   UseToolkit = wordpress
#   UseToolkit = wp-multi-subdir
#   UseToolkit = joomla
#       Do Call block_bots
   DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
   ExecuteCGI = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
}

What's in the file that's been offered for download?

The file offered for download is the index.shtml source code

Have you restarted the webserver? Are you sure your request ends up in the right virtual host? In Hiawatha, shtml is implemented via an external parser (the ssi-cgi binary), which makes it in fact a normal CGI. It works as designed, so something else must go wrong. I have no idea what that is. All I can say is that it works as intended.

Hi Hugo,
spend the whole day trying to fix this issue and guess what... I missed the 'l'

CGIhandler = /usr/local/bin/ssi-cgi:shtm

should be

CGIhandler = /usr/local/bin/ssi-cgi:shtml

All good now

I suspected something like this. Glad it all works now.