summaryrefslogtreecommitdiff
path: root/docs/manual/mod/mod_info.xml
blob: bb3fce939168a51ac2ca6ea329b75a0f4cdeda7c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>

<name>mod_info</name>
<description>Provides a comprehensive overview of the server
configuration</description>
<status>Extension</status>
<sourcefile>mod_info.c</sourcefile>
<identifier>info_module</identifier>

<summary>
    <p>To configure <module>mod_info</module>, add the following to your
    <code>httpd.conf</code> file.</p>

    <example>
      &lt;Location /server-info&gt;<br />
      <indent>
        SetHandler server-info<br />
      </indent>
      &lt;/Location&gt;
    </example>

    <p>You may wish to add a 
    <directive type="section" module="core">Limit</directive> 
    clause inside the 
    <directive type="section" module="core">Location</directive>
    directive to limit access to your server configuration 
    information.</p>

    <p>Once configured, the server information is obtained by
    accessing <code>http://your.host.dom/server-info</code></p>

    <note>
      Note that the configuration files are read by the
      module at run-time, and therefore the display may
      <em>not</em> reflect the running server's active
      configuration if the files have been changed since the server
      was last reloaded. Also, the configuration files must be
      readable by the user as which the server is running (see the
      <directive module="mpm_common">User</directive> directive), or
      else the directive settings will not be listed.

      <p>It should also be noted that if
      <module>mod_info</module> is compiled into the server, its
      handler capability is available in <em>all</em> configuration
      files, including per-directory files (<em>e.g.</em>,
      <code>.htaccess</code>). This may have security-related
      ramifications for your site.</p>

      <p>In particular, this module can leak sensitive information
      from the configuration directives of other Apache modules such as
      system paths, usernames/passwords, database names, etc.  Due to
      the way this module works there is no way to block information
      from it.  Therefore, this module should <strong>only</strong> be
      used in a controlled environment and always with caution.</p>
    </note>
</summary>

<directivesynopsis>
<name>AddModuleInfo</name>
<description>Adds additional information to the module
information displayed by the server-info handler</description>
<syntax>AddModuleInfo <var>module-name</var> <var>string</var></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<compatibility>Apache 1.3 and above</compatibility>

<usage>
    <p>This allows the content of <var>string</var> to be shown as
    HTML interpreted, <strong>Additional Information</strong> for
    the module <var>module-name</var>. Example:</p>

    <example>
      AddModuleInfo mod_deflate.c 'See &lt;a \<br />
      <indent>
      href="http://www.apache.org/docs-2.0/mod/mod_deflate.html"&gt;\<br />
      http://www.apache.org/docs-2.0/mod/mod_deflate.html&lt;/a&gt;'
      </indent>
    </example>
</usage>

</directivesynopsis>
</modulesynopsis>