mod_info.xml revision 72efd3996108e6e17834609af9cf84b95e4c586e
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz<modulesynopsis>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz<description>Provides a comprehensive overview of the server
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarzconfiguration</description>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <p>To configure <module>mod_info</module>, add the following to your
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <Location /server-info><br />
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz SetHandler server-info<br />
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz </Location>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <p>You may wish to add a
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <directive type="section" module="core">Limit</directive>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz clause inside the
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <directive type="section" module="core">Location</directive>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz directive to limit access to your server configuration
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz information.</p>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <p>Once configured, the server information is obtained by
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz accessing <code>http://your.host.dom/server-info</code></p>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz Note that the configuration files are read by the
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz module at run-time, and therefore the display may
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <em>not</em> reflect the running server's active
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz configuration if the files have been changed since the server
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz was last reloaded. Also, the configuration files must be
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz readable by the user as which the server is running (see the
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <directive module="mpm_common">User</directive> directive), or
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz else the directive settings will not be listed.
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <p>It should also be noted that if
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <module>mod_info</module> is compiled into the server, its
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz handler capability is available in <em>all</em> configuration
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz files, including per-directory files (<em>e.g.</em>,
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <code>.htaccess</code>). This may have security-related
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz ramifications for your site.</p>
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz <p>In particular, this module can leak sensitive information
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz from the configuration directives of other Apache modules such as
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz system paths, usernames/passwords, database names, etc. Due to
51ed197520dd9ea534fbc3bc1790ebe3cb5421e2Michael M Slusarz the way this module works there is no way to block information