mod_info
Provides a comprehensive overview of the server
configuration
Extension
mod_info.c
info_module
To configure mod_info, add the following to your
httpd.conf
file.
<Location /server-info>
SetHandler server-info
</Location>
You may wish to use mod_access inside the
Location
directive to limit access to your server configuration
information:
<Location /server-info>
SetHandler server-info
Require host example.com
</Location>
Once configured, the server information is obtained by
accessing http://your.host.example.com/server-info
Security Issues
Once mod_info is loaded into the server, its
handler capability is available in all configuration
files, including per-directory files (e.g.,
.htaccess
). This may have security-related
ramifications for your site.
In particular, this module can leak sensitive information
from the configuration directives of other Apache modules such as
system paths, usernames/passwords, database names, etc. Therefore,
this module should only be
used in a controlled environment and always with caution.
You will probably want to use mod_authz_host
to limit access to your server configuration information.
Access control
<Location /server-info>
SetHandler server-info
Order allow,deny
# Allow access from server itself
Allow from 127.0.0.1
# Additionally, allow access from local workstation
Allow from 192.168.1.17
</Location>
Selecting the information shown
By default, the server information includes a list of
all enabled modules, and for each module, a description of
the directives understood by that module, the hooks implemented
by that module, and the relevant directives from the current
configuration.
Other views of the configuration information are available by
appending a query to the server-info
request. For
example, http://your.host.example.com/server-info?config
will show all configuration directives.
?<module-name>
- Only information relevant to the named module
?config
- Just the configuration directives, not sorted by module
?hooks
- Only the list of Hooks each module is attached to
?list
- Only a simple list of enabled modules
?server
- Only the basic server information
Dumping the configuration on startup
If the config define -DDUMP_CONFIG
is set,
mod_info will dump the pre-parsed configuration to
stdout
during server startup. This is roughly equivalent
to the ?config
query.
Known Limitations
mod_info provides its information by reading the
parsed configuration, rather than reading the original configuration
file. There are a few limitations as a result of the way the parsed
configuration tree is created:
- Directives which are executed immediately rather than being
stored in the parsed configuration are not listed. These include
ServerRoot,
LoadModule, and
LoadFile.
- Directives which control the configuration file itself, such as
Include,
<IfModule> and
<IfDefine> are not
listed, but the included configuration directives are.
- Comments are not listed. (This may be considered a feature.)
- Configuration directives from
.htaccess
files are
not listed (since they do not form part of the permanent server
configuration).
- Container directives such as
<Directory>
are listed normally, but mod_info cannot figure
out the line number for the closing
</Directory>.
- Directives generated by third party modules such as mod_perl
might not be listed.
AddModuleInfo
Adds additional information to the module
information displayed by the server-info handler
AddModuleInfo module-name string
server configvirtual host
This allows the content of string to be shown as
HTML interpreted, Additional Information for
the module module-name. Example:
AddModuleInfo mod_deflate.c 'See <a \
href="http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html">\
http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html</a>'