CAUTION – SSI directives can be used to execute programs external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy.
To use the SSI servlet, remove the XML comments from around the SSI servlet and servlet-mapping configuration in $CATALINA_BASE/conf/web.xml.
To use the SSI filter, remove the XML comments from around the SSI filter and filter-mapping configuration in$CATALINA_BASE/conf/web.xml.
Only Contexts which are marked as privileged may use SSI features (see the privileged property of the Context element).