1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis metafile="mod_info.xml.meta">
<name>mod_info</name>
<description>Provides a comprehensive overview of the server
configuration</description>
<status>Extension</status>
<sourcefile>mod_info.c</sourcefile>
<identifier>info_module</identifier>
<summary>
<p>To configure <module>mod_info</module>, add the following to your
<code>httpd.conf</code> file.</p>
<example>
<Location /server-info><br />
<indent>
SetHandler server-info<br />
</indent>
</Location>
</example>
<p>You may wish to add a
<directive type="section" module="core">Limit</directive>
clause inside the
<directive type="section" module="core">Location</directive>
directive to limit access to your server configuration
information.</p>
<p>Once configured, the server information is obtained by
accessing <code>http://your.host.dom/server-info</code></p>
<note>
Note that the configuration files are read by the
module at run-time, and therefore the display may
<em>not</em> reflect the running server's active
configuration if the files have been changed since the server
was last reloaded. Also, the configuration files must be
readable by the user as which the server is running (see the
<directive module="mpm_common">User</directive> directive), or
else the directive settings will not be listed.
<p>It should also be noted that if
<module>mod_info</module> is compiled into the server, its
handler capability is available in <em>all</em> configuration
files, including per-directory files (<em>e.g.</em>,
<code>.htaccess</code>). This may have security-related
ramifications for your site.</p>
<p>In particular, this module can leak sensitive information
from the configuration directives of other Apache modules such as
system paths, usernames/passwords, database names, etc. Due to
the way this module works there is no way to block information
from it. Therefore, this module should <strong>only</strong> be
used in a controlled environment and always with caution.</p>
</note>
</summary>
<directivesynopsis>
<name>AddModuleInfo</name>
<description>Adds additional information to the module
information displayed by the server-info handler</description>
<syntax>AddModuleInfo <var>module-name</var> <var>string</var></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<compatibility>Apache 1.3 and above</compatibility>
<usage>
<p>This allows the content of <var>string</var> to be shown as
HTML interpreted, <strong>Additional Information</strong> for
the module <var>module-name</var>. Example:</p>
<example>
AddModuleInfo mod_deflate.c 'See <a \<br />
<indent>
href="http://www.apache.org/docs-2.1/mod/mod_deflate.html">\<br />
http://www.apache.org/docs-2.1/mod/mod_deflate.html</a>'
</indent>
</example>
</usage>
</directivesynopsis>
</modulesynopsis>
|