The #include Server-Side Include (SSI) directive instructs the Web server to insert the contents of a file into a Web page. You must surround a directive with HTML comment delimiters.

This directive can be used in an ASP page, STM page, INC page, or any page with a file name extension that is mapped to the SSI interpreter (Ssinc.dll) or to the ASP interpreter (Asp.dll). If you have IIS Manager installed, you can modify default application mappings and add new mappings.

Included files can have any file name extension, but a recommended practice is to give them the .inc extension. Included files will go through the interpreter of the calling page. For example, if you want to include a page that uses the #exec directive, you must call it from an STM page. If you want to include a page that contains ASP script, you must call it from an ASP page. Included HTM pages will work as expected.

To increase security on you Web server, do not store sensitive data in include files. If you do store sensitive data in include files, change the IIS script mapping for the .inc extension from ssinc.dll to asp.dll so that ASP can throw an exception if an invalid character is passed. Alternatives to using #include in ASP applications are Server.Transfer Method and Server.Execute Method.


<!-- #include PathType=FileName-->


Specifies the type of the path to FileName. The path type can be one of the following:

Path TypeMeaning
FileThe FileName is a relative path from the directory containing the document with the #include directive.

The included file can be in the same directory or in a subdirectory. The included file cannot be in a directory above the page with the #include directive unless you have checked the box for Enable Parent Paths in the property sheet for the Web folder in IIS Manager, or manually set the AspEnableParentPaths metabase property to 1. This is strongly discouraged because it is a security risk. Any Web user could type ../.. as a part of a URL for your site and be shown the contents of parent folders if the parent folders do not have strong ACLs set on them.

IIS 6.0 and later: To increase security, parent paths are disabled by default. This can potentially break upgraded Web sites that use the ..\ notation or include files from parent directories.

VirtualThe file name is a full virtual path from a virtual directory of your Web site.
Specifies the name of the file to be included. FileName must contain the file name extension, and you must enclose the file name in quotation marks (").

The file containing this directive must use an .asp file name extension, or a file name extension that is mapped to the SSI interpreter; otherwise, the Web server will not process the directive. By default, the file name extensions .stm, .shtm, and .shtml are mapped to the SSI interpreter (ssinc.dll).

The #include directive is the only directive that will work in .asp files as well as .stm, .shtm, and .shtml files.

--- IncExample.asp ---

<!-- The included file is in the same directory as IncExample.asp. --> 
<!-- #include file = "myfile.inc" --> 

<!-- The included file is in the directory above IncExample.asp. 
     Enable Parent Paths must be checked for the Web folder. --> 
<!-- #include file = "..\myfile.htm" --> 

<!-- The included file is in the Scripts virtual directory. --> 
<!-- #include virtual = "/scripts/tools/global.inc" -->


Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS