Apache HTTP Server Version 2.4
Description: | Provides a comprehensive overview of the server configuration |
---|---|
Status: | Extension |
Module Identifier: | info_module |
Source File: | mod_info.c |
To configure mod_info
, add the following to your
httpd.conf
file.
<Location "/server-info"> SetHandler server-info </Location>
You may wish to use mod_authz_host
inside the
<Location>
directive to limit access to your server configuration
information:
<Location "/server-info"> SetHandler server-info Require host example.com </Location>
Once configured, the server information is obtained by
accessing http://your.host.example.com/server-info
Once mod_info
is loaded into the server, its
handler capability is available in all configuration
files, including per-directory files (e.g.,
.htaccess
). This may have security-related
ramifications for your site.
In particular, this module can leak sensitive information from the configuration directives of other Apache modules such as system paths, usernames/passwords, database names, etc. Therefore, this module should only be used in a controlled environment and always with caution.
You will probably want to use mod_authz_host
to limit access to your server configuration information.
<Location "/server-info"> SetHandler server-info # Allow access from server itself Require ip 127.0.0.1 # Additionally, allow access from local workstation Require ip 192.168.1.17 </Location>
By default, the server information includes a list of all enabled modules, and for each module, a description of the directives understood by that module, the hooks implemented by that module, and the relevant directives from the current configuration.
Other views of the configuration information are available by
appending a query to the server-info
request. For
example, http://your.host.example.com/server-info?config
will show all configuration directives.
?<module-name>
?config
?hooks
?list
?server
?providers
If the config define -DDUMP_CONFIG
is set,
mod_info
will dump the pre-parsed configuration to
stdout
during server startup.
httpd -DDUMP_CONFIG -k start
Pre-parsed means that directives like
<IfDefine>
and
<IfModule>
are
evaluated and environment variables are replaced. However it does
not represent the final state of the configuration. In particular,
it does not represent the merging or overriding that may happen
for repeated directives.
This is roughly equivalent to the ?config
query.
mod_info
provides its information by reading the
parsed configuration, rather than reading the original configuration
file. There are a few limitations as a result of the way the parsed
configuration tree is created:
ServerRoot
,
LoadModule
, and
LoadFile
.
Include
,
<IfModule>
and
<IfDefine>
are not
listed, but the included configuration directives are.
.htaccess
files are
not listed (since they do not form part of the permanent server
configuration).<Directory>
are listed normally, but mod_info
cannot figure
out the line number for the closing
</Directory>
.
Description: | Adds additional information to the module information displayed by the server-info handler |
---|---|
Syntax: | AddModuleInfo module-name string |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_info |
This allows the content of string to be shown as HTML interpreted, Additional Information for the module module-name. Example:
AddModuleInfo mod_deflate.c 'See <a \ href="/docs/2.4/mod/mod_deflate.html">\ /docs/2.4/mod/mod_deflate.html</a>'