diff options
author | Paul Querna <pquerna@apache.org> | 2004-09-04 01:38:24 +0000 |
---|---|---|
committer | Paul Querna <pquerna@apache.org> | 2004-09-04 01:38:24 +0000 |
commit | 55b2bc486686f5dc81d6a9135cbde96c9388a62d (patch) | |
tree | b8a9a4dd8d25c64ef978633f209cbd06b1b5d66a /docs/manual/mod | |
parent | dafcc5566c262bab7fd84e3f6be1ec2b34e179bb (diff) | |
download | httpd-55b2bc486686f5dc81d6a9135cbde96c9388a62d.tar.gz |
updated mod_info to include docs on the different arguments it can take.
Submitted By: Rici Lake
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104947 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod')
-rw-r--r-- | docs/manual/mod/mod_info.html.en | 127 | ||||
-rw-r--r-- | docs/manual/mod/mod_info.xml | 123 |
2 files changed, 179 insertions, 71 deletions
diff --git a/docs/manual/mod/mod_info.html.en b/docs/manual/mod/mod_info.html.en index d3bbb503a0..c612e27f80 100644 --- a/docs/manual/mod/mod_info.html.en +++ b/docs/manual/mod/mod_info.html.en @@ -42,47 +42,104 @@ configuration</td></tr> </Location> </code></p></div> - <p>You may wish to add a - <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code> - clause inside the - <code class="directive"><a href="../mod/core.html#location"><Location></a></code> - directive to limit access to your server configuration - information.</p> - <p>Once configured, the server information is obtained by accessing <code>http://your.host.dom/server-info</code></p> - - <div class="note"> - Note that the configuration files are read by the - module at run-time, and therefore the display may - <em>not</em> reflect the running server's active - configuration if the files have been changed since the server - was last reloaded. Also, the configuration files must be - readable by the user as which the server is running (see the - <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> directive), or - else the directive settings will not be listed. - - <p>It should also be noted that if - <code class="module"><a href="../mod/mod_info.html">mod_info</a></code> is compiled into the server, its - handler capability is available in <em>all</em> configuration - files, including per-directory files (<em>e.g.</em>, - <code>.htaccess</code>). This may have security-related - ramifications for your site.</p> - - <p>In particular, this module can leak sensitive information - from the configuration directives of other Apache modules such as - system paths, usernames/passwords, database names, etc. Due to - the way this module works there is no way to block information - from it. Therefore, this module should <strong>only</strong> be - used in a controlled environment and always with caution.</p> - </div> </div> <div id="quickview"><h3 class="directives">Directives</h3> <ul id="toc"> <li><img alt="" src="../images/down.gif" /> <a href="#addmoduleinfo">AddModuleInfo</a></li> </ul> -</div> +<h3>Topics</h3> +<ul id="topics"> +<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Issues</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#queries">Selecting the information shown</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#limitations">Known Limitations</a></li> +</ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="security" id="security">Security Issues</a></h2> + <p>Once <code class="module"><a href="../mod/mod_info.html">mod_info</a></code> is loaded into the server, its + handler capability is available in <em>all</em> configuration + files, including per-directory files (<em>e.g.</em>, + <code>.htaccess</code>). This may have security-related + ramifications for your site.</p> + + <p>In particular, this module can leak sensitive information + from the configuration directives of other Apache modules such as + system paths, usernames/passwords, database names, etc. Therefore, + this module should <strong>only</strong> be + used in a controlled environment and always with caution.</p> + <p>You will probably want to use <code class="module"><a href="../mod/mod_access.html">mod_access</a></code> + to limit access to your server configuration information.</p> + + <div class="example"><h3>Access control</h3><p><code> + <Location /server-info><br /> + <span class="indent"> + SetHandler server-info<br /> + Order allow,deny + # Allow access from server itself + Allow from 127.0.0.1 + # Additionally, allow access from local workstation + Allow from 192.168.1.17 + </span> + </Location> + </code></p></div> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="queries" id="queries">Selecting the information shown</a></h2> + <p>By default, the server information includes a list of + all enabled modules, and for each module, a description of + the directives understood by that module, the hooks implemented + by that module, and the relevant directives from the current + configuration.</p> + + <p>Other views of the configuration information are available by + appending a query to the <code>server-info</code> request. For + example, <code>http://your.host.dom/server-info?config</code> + will show all configuration directives.</p> + + <dl> + <dt><code>?<module-name></code></dt> + <dd>Only information relevant to the named module</dd> + <dt><code>?config</code></dt> + <dd>Just the configuration directives, not sorted by module</dd> + <dt><code>?list</code></dt> + <dd>Only a simple list of enabled modules</dd> + <dt><code>?server</code></dt> + <dd>Only the basic server information</dd> + </dl> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="limitations" id="limitations">Known Limitations</a></h2> + <p><code class="module"><a href="../mod/mod_info.html">mod_info</a></code> provides its information by reading the + parsed configuration, rather than reading the original configuration + file. There are a few limitations as a result of the way the parsed + configuration tree is created:</p> + <ul> + <li>Directives which are executed immediately rather than being + stored in the parsed configuration are not listed. These include + <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>, + <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>, and + <code class="directive"><a href="../mod/mod_so.html#loadfile">LoadFile</a></code>.</li> + <li>Directives which control the configuration file itself, such as + <code class="directive"><a href="../mod/core.html#include">Include</a></code>, + <code class="directive"><a href="../mod/core.html#<ifmodule>"><IfModule></a></code> and + <code class="directive"><a href="../mod/core.html#<ifdefine>"><IfDefine></a></code> are not + listed, but the included configuration directives are.</li> + <li>Comments are not listed. (This may be considered a feature.)</li> + <li>Configuration directives from <code>.htaccess</code> files are + not listed (since they do not form part of the permanent server + configuration).</li> + <li>Container directives such as + <code class="directive"><a href="../mod/core.html#<directory>"><Directory></a></code> + are listed normally, but <code class="module"><a href="../mod/mod_info.html">mod_info</a></code> cannot figure + out the line number for the closing + <code class="directive"><a href="../mod/core.html#</directory>"></Directory></a></code>.</li> + <li>Directives generated by third party modules such as <code class="module"><a href="../mod/mod_perl.html">mod_perl</a></code> + might not be listed.</li> + </ul> +</div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="AddModuleInfo" id="AddModuleInfo">AddModuleInfo</a> <a name="addmoduleinfo" id="addmoduleinfo">Directive</a></h2> <table class="directive"> @@ -101,8 +158,8 @@ information displayed by the server-info handler</td></tr> <div class="example"><p><code> AddModuleInfo mod_deflate.c 'See <a \<br /> <span class="indent"> - href="http://www.apache.org/docs-2.1/mod/mod_deflate.html">\<br /> - http://www.apache.org/docs-2.1/mod/mod_deflate.html</a>' + href="http://www.apache.org/docs-2.1/mod/mod_deflate.html">\<br /> + http://www.apache.org/docs-2.1/mod/mod_deflate.html</a>' </span> </code></p></div> diff --git a/docs/manual/mod/mod_info.xml b/docs/manual/mod/mod_info.xml index ca16eecf4f..a3b6475969 100644 --- a/docs/manual/mod/mod_info.xml +++ b/docs/manual/mod/mod_info.xml @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<!-- $Revision: 1.16 $ --> +<!-- $Revision: 1.17 $ --> <!-- Copyright 2002-2004 The Apache Software Foundation @@ -40,42 +40,94 @@ configuration</description> </Location> </example> - <p>You may wish to add a - <directive type="section" module="core">Limit</directive> - clause inside the - <directive type="section" module="core">Location</directive> - directive to limit access to your server configuration - information.</p> - <p>Once configured, the server information is obtained by accessing <code>http://your.host.dom/server-info</code></p> - - <note> - Note that the configuration files are read by the - module at run-time, and therefore the display may - <em>not</em> reflect the running server's active - configuration if the files have been changed since the server - was last reloaded. Also, the configuration files must be - readable by the user as which the server is running (see the - <directive module="mpm_common">User</directive> directive), or - else the directive settings will not be listed. - - <p>It should also be noted that if - <module>mod_info</module> is compiled into the server, its - handler capability is available in <em>all</em> configuration - files, including per-directory files (<em>e.g.</em>, - <code>.htaccess</code>). This may have security-related - ramifications for your site.</p> - - <p>In particular, this module can leak sensitive information - from the configuration directives of other Apache modules such as - system paths, usernames/passwords, database names, etc. Due to - the way this module works there is no way to block information - from it. Therefore, this module should <strong>only</strong> be - used in a controlled environment and always with caution.</p> - </note> </summary> +<section id="security"><title>Security Issues</title> + <p>Once <module>mod_info</module> is loaded into the server, its + handler capability is available in <em>all</em> configuration + files, including per-directory files (<em>e.g.</em>, + <code>.htaccess</code>). This may have security-related + ramifications for your site.</p> + + <p>In particular, this module can leak sensitive information + from the configuration directives of other Apache modules such as + system paths, usernames/passwords, database names, etc. Therefore, + this module should <strong>only</strong> be + used in a controlled environment and always with caution.</p> + + <p>You will probably want to use <module>mod_access</module> + to limit access to your server configuration information.</p> + + <example><title>Access control</title> + <Location /server-info><br /> + <indent> + SetHandler server-info<br /> + Order allow,deny + # Allow access from server itself + Allow from 127.0.0.1 + # Additionally, allow access from local workstation + Allow from 192.168.1.17 + </indent> + </Location> + </example> +</section> + +<section id="queries"><title>Selecting the information shown</title> + <p>By default, the server information includes a list of + all enabled modules, and for each module, a description of + the directives understood by that module, the hooks implemented + by that module, and the relevant directives from the current + configuration.</p> + + <p>Other views of the configuration information are available by + appending a query to the <code>server-info</code> request. For + example, <code>http://your.host.dom/server-info?config</code> + will show all configuration directives.</p> + + <dl> + <dt><code>?<module-name></code></dt> + <dd>Only information relevant to the named module</dd> + <dt><code>?config</code></dt> + <dd>Just the configuration directives, not sorted by module</dd> + <dt><code>?list</code></dt> + <dd>Only a simple list of enabled modules</dd> + <dt><code>?server</code></dt> + <dd>Only the basic server information</dd> + </dl> +</section> + +<section id="limitations"><title>Known Limitations</title> + <p><module>mod_info</module> provides its information by reading the + parsed configuration, rather than reading the original configuration + file. There are a few limitations as a result of the way the parsed + configuration tree is created:</p> + <ul> + <li>Directives which are executed immediately rather than being + stored in the parsed configuration are not listed. These include + <directive module="core">ServerRoot</directive>, + <directive module="mod_so">LoadModule</directive>, and + <directive module="mod_so">LoadFile</directive>.</li> + <li>Directives which control the configuration file itself, such as + <directive module="core">Include</directive>, + <directive module="core"><IfModule></directive> and + <directive module="core"><IfDefine></directive> are not + listed, but the included configuration directives are.</li> + <li>Comments are not listed. (This may be considered a feature.)</li> + <li>Configuration directives from <code>.htaccess</code> files are + not listed (since they do not form part of the permanent server + configuration).</li> + <li>Container directives such as + <directive module="core"><Directory></directive> + are listed normally, but <module>mod_info</module> cannot figure + out the line number for the closing + <directive module="core"></Directory></directive>.</li> + <li>Directives generated by third party modules such as <module>mod_perl</module> + might not be listed.</li> + </ul> +</section> + <directivesynopsis> <name>AddModuleInfo</name> <description>Adds additional information to the module @@ -93,12 +145,11 @@ information displayed by the server-info handler</description> <example> AddModuleInfo mod_deflate.c 'See <a \<br /> <indent> - href="http://www.apache.org/docs-2.1/mod/mod_deflate.html">\<br /> - http://www.apache.org/docs-2.1/mod/mod_deflate.html</a>' + href="http://www.apache.org/docs-2.1/mod/mod_deflate.html">\<br /> + http://www.apache.org/docs-2.1/mod/mod_deflate.html</a>' </indent> </example> </usage> </directivesynopsis> </modulesynopsis> - |