Specifying Whether a Web Server Should Allow the CMD Command to Be Used for SSI #exec Directives

InstallShield 2019

Project • This information applies to the following project types:

Basic MSI
DIM
InstallScript
InstallScript MSI
Merge Module

Server-side include (SSI) directives instruct a Web server to insert content into a Web page. The #exec type of directive enables the Web server to include the output of a shell command in a Web page.

You can configure an IIS Web server either to block or to allow the CMD command of the #exec directive, which executes shell commands. The SSIEnableCmdDirective registry value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters registry key determines whether the CMD command is permitted.

InstallShield lets you specify how your installation should configure the SSIEnableCmdDirective registry value on target systems. If you do not want your installation to change the SSIEnableCmdDirective registry value, you can also specify that.

Because of security concerns, the default SSIEnableCmdDirective registry value is FALSE (0); the FALSE (0) value prevents end users from running unauthorized server-side executable files.

To specify whether a Web server should allow the CMD command to be used for SSI #exec directives:

1. In the View List under Server Configuration, click Internet Information Services.
2. In the center pane, click the Web Sites explorer. InstallShield displays the Web server settings in the right pane.
3. For the SSIEnableCmdDirective registry value setting, select the appropriate option:
   - Ignore—Do not change the SSIEnableCmdDirective registry value on the target system. This is the default option.
   - FALSE (0)—Set the SSIEnableCmdDirective registry value on the target system to 0. This prevents the #exec CMD directive of server-side includes from being used to execute shell commands. Note that if you select this value and an IIS Web server has applications that rely on #exec CMD directives, those applications may stop working properly after your installation project’s Web site and virtual directory are installed.
   - TRUE (1)—Set the SSIEnableCmdDirective registry value on the target system to 1. This allows the #exec CMD directive of server-side includes to be used to execute shell commands.

If you select the FALSE or TRUE options, InstallShield stores the value—either 0 for FALSE or 1 for TRUE—in the INSTALLSHIELD_SSI_PROP property.

If one or more Web sites, virtual directories, application pools, or Web service extensions in your installation are installed on a target system and you selected the FALSE or TRUE options for the SSIEnableCmdDirective registry value setting, the SSIEnableCmdDirective registry value is updated on the target system.

Note • If your product is uninstalled from a target system, the SSIEnableCmdDirective registry value is not changed, even if its value was changed during installation.
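
The following PowerShell audit is an added example, not InstallShield or IIS code. It reports the current SSIEnableCmdDirective state on a target system and lists the SSI pages that contain #exec CMD directives, which is useful before choosing FALSE (0) and after an install or uninstall. The content root path, the function names, and the .stm/.shtm/.shtml extensions are assumptions.

```powershell
# Added example: audit SSIEnableCmdDirective and find pages that depend on #exec CMD.
param(
    # Assumption: content root to scan; adjust to the sites hosted on the server.
    [string]$ContentRoot = 'C:\inetpub\wwwroot'
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters'
$valueName = 'SSIEnableCmdDirective'

function Get-SsiCmdState {
    # Returns 'Allowed' only when the value is 1. A missing value counts as
    # 'Blocked' because the documented default is FALSE (0).
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and [int]$item.$valueName -eq 1) { 'Allowed' } else { 'Blocked' }
}

function Find-ExecCmdDirective {
    param([string]$Root)
    # Assumption: SSI pages use the .stm, .shtm, or .shtml extension.
    # Select-String is case-insensitive by default, so "#EXEC CMD" also matches.
    Get-ChildItem -Path $Root -Recurse -File -Include *.stm, *.shtm, *.shtml -ErrorAction SilentlyContinue |
        Select-String -Pattern '<!--\s*#exec\s+cmd\s*=' |
        Select-Object Path, LineNumber, @{ n = 'Directive'; e = { $_.Line.Trim() } }
}

$state = Get-SsiCmdState
$hits  = @(Find-ExecCmdDirective -Root $ContentRoot)

"SSIEnableCmdDirective: $state"
"Pages using #exec CMD under ${ContentRoot}: $($hits.Count)"
$hits | Format-Table -AutoSize

if ($state -eq 'Allowed') {
    # Uninstalling the product does not reset the value, so flag it for review.
    Write-Warning '#exec CMD is enabled; uninstalling the product will not reset this value.'
} elseif ($hits.Count -gt 0) {
    # These are the applications that may stop working when the value is 0.
    Write-Warning 'The listed pages rely on #exec CMD, which is blocked while the value is 0.'
}
```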
