docs/manual/mod/mod_info.xml - httpd - Git at Google

 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
 <!-- $LastChangedRevision$ -->

 <!--
  Copyright 2002-2005 The Apache Software Foundation or its licensors, as
  applicable.

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 -->

 <modulesynopsis metafile="mod_info.xml.meta">

 <name>mod_info</name>
 <description>Provides a comprehensive overview of the server
 configuration</description>
 <status>Extension</status>
 <sourcefile>mod_info.c</sourcefile>
 <identifier>info_module</identifier>

 <summary>
     <p>To configure <module>mod_info</module>, add the following to your
     <code>httpd.conf</code> file.</p>

     <example>
       &lt;Location /server-info&gt;<br />
       <indent>
         SetHandler server-info<br />
       </indent>
       &lt;/Location&gt;
     </example>

     <p>You may wish to use <module>mod_access</module> inside the
     <directive type="section" module="core">Location</directive>
     directive to limite access to your server configuration
     information:</p>

     <example>
       &lt;Location /server-info&gt;<br />
       <indent>
         SetHandler server-info<br />
         Order deny,allow<br />
         Deny from all<br />
         Allow from yourcompany.com<br />
       </indent>
       &lt;/Location&gt;
     </example>

     <p>Once configured, the server information is obtained by
     accessing <code>http://your.host.example.com/server-info</code></p>
 </summary>

 <section id="security"><title>Security Issues</title>
     <p>Once <module>mod_info</module> is loaded into the server, its
     handler capability is available in <em>all</em> configuration
     files, including per-directory files (<em>e.g.</em>,
     <code>.htaccess</code>). This may have security-related
     ramifications for your site.</p>

     <p>In particular, this module can leak sensitive information
     from the configuration directives of other Apache modules such as
     system paths, usernames/passwords, database names, etc. Therefore,
     this module should <strong>only</strong> be
     used in a controlled environment and always with caution.</p>

     <p>You will probably want to use <module>mod_authz_host</module>
     to limit access to your server configuration information.</p>

     <example><title>Access control</title>
       &lt;Location /server-info&gt;<br />
       <indent>
         SetHandler server-info<br />
         Order allow,deny<br />
         # Allow access from server itself<br />
         Allow from 127.0.0.1<br />
         # Additionally, allow access from local workstation<br />
         Allow from 192.168.1.17<br />
       </indent>
       &lt;/Location&gt;
     </example>
 </section>

 <section id="queries"><title>Selecting the information shown</title>
     <p>By default, the server information includes a list of
     all enabled modules, and for each module, a description of
     the directives understood by that module, the hooks implemented
     by that module, and the relevant directives from the current
     configuration.</p>

     <p>Other views of the configuration information are available by
     appending a query to the <code>server-info</code> request. For
     example, <code>http://your.host.example.com/server-info?config</code>
     will show all configuration directives.</p>

     <dl>
         <dt><code>?&lt;module-name&gt;</code></dt>
             <dd>Only information relevant to the named module</dd>
         <dt><code>?config</code></dt>
             <dd>Just the configuration directives, not sorted by module</dd>
         <dt><code>?hooks</code></dt>
             <dd>Only the list of Hooks each module is attached to</dd>
         <dt><code>?list</code></dt>
             <dd>Only a simple list of enabled modules</dd>
         <dt><code>?server</code></dt>
             <dd>Only the basic server information</dd>
     </dl>
 </section>

 <section id="limitations"><title>Known Limitations</title>
     <p><module>mod_info</module> provides its information by reading the
     parsed configuration, rather than reading the original configuration
     file. There are a few limitations as a result of the way the parsed
     configuration tree is created:</p>
     <ul>
       <li>Directives which are executed immediately rather than being
           stored in the parsed configuration are not listed. These include
           <directive module="core">ServerRoot</directive>,
           <directive module="mod_so">LoadModule</directive>, and
           <directive module="mod_so">LoadFile</directive>.</li>
       <li>Directives which control the configuration file itself, such as
           <directive module="core">Include</directive>,
           <directive module="core">&lt;IfModule&gt;</directive> and
           <directive module="core">&lt;IfDefine&gt;</directive> are not
           listed, but the included configuration directives are.</li>
       <li>Comments are not listed. (This may be considered a feature.)</li>
       <li>Configuration directives from <code>.htaccess</code> files are
           not listed (since they do not form part of the permanent server
           configuration).</li>
       <li>Container directives such as
           <directive module="core">&lt;Directory&gt;</directive>
           are listed normally, but <module>mod_info</module> cannot figure
           out the line number for the closing
           <directive module="core">&lt;/Directory&gt;</directive>.</li>
       <li>Directives generated by third party modules such as <module>mod_perl</module>
           might not be listed.</li>
     </ul>
 </section>

 <directivesynopsis>
 <name>AddModuleInfo</name>
 <description>Adds additional information to the module
 information displayed by the server-info handler</description>
 <syntax>AddModuleInfo <var>module-name</var> <var>string</var></syntax>
 <contextlist><context>server config</context><context>virtual host</context>
 </contextlist>
 <compatibility>Apache 1.3 and above</compatibility>

 <usage>
     <p>This allows the content of <var>string</var> to be shown as
     HTML interpreted, <strong>Additional Information</strong> for
     the module <var>module-name</var>. Example:</p>

     <example>
       AddModuleInfo mod_deflate.c 'See &lt;a \<br />
       <indent>
         href="http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html"&gt;\<br />
         http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html&lt;/a&gt;'
       </indent>
     </example>
 </usage>

 </directivesynopsis>
 </modulesynopsis>
	<?xml version="1.0"?>
	<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
	<!-- $LastChangedRevision$ -->

	<!--
	Copyright 2002-2005 The Apache Software Foundation or its licensors, as
	applicable.

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<modulesynopsis metafile="mod_info.xml.meta">

	<name>mod_info</name>
	<description>Provides a comprehensive overview of the server
	configuration</description>
	<status>Extension</status>
	<sourcefile>mod_info.c</sourcefile>
	<identifier>info_module</identifier>

	<summary>
	<p>To configure <module>mod_info</module>, add the following to your
	<code>httpd.conf</code> file.</p>

	<example>
	<Location /server-info><br />
	<indent>
	SetHandler server-info<br />
	</indent>
	</Location>
	</example>

	<p>You may wish to use <module>mod_access</module> inside the
	<directive type="section" module="core">Location</directive>
	directive to limite access to your server configuration
	information:</p>

	<example>
	<Location /server-info><br />
	<indent>
	SetHandler server-info<br />
	Order deny,allow<br />
	Deny from all<br />
	Allow from yourcompany.com<br />
	</indent>
	</Location>
	</example>

	<p>Once configured, the server information is obtained by
	accessing <code>http://your.host.example.com/server-info</code></p>
	</summary>

	<section id="security"><title>Security Issues</title>
	<p>Once <module>mod_info</module> is loaded into the server, its
	handler capability is available in <em>all</em> configuration
	files, including per-directory files (<em>e.g.</em>,
	<code>.htaccess</code>). This may have security-related
	ramifications for your site.</p>

	<p>In particular, this module can leak sensitive information
	from the configuration directives of other Apache modules such as
	system paths, usernames/passwords, database names, etc. Therefore,
	this module should <strong>only</strong> be
	used in a controlled environment and always with caution.</p>

	<p>You will probably want to use <module>mod_authz_host</module>
	to limit access to your server configuration information.</p>

	<example><title>Access control</title>
	<Location /server-info><br />
	<indent>
	SetHandler server-info<br />
	Order allow,deny<br />
	# Allow access from server itself<br />
	Allow from 127.0.0.1<br />
	# Additionally, allow access from local workstation<br />
	Allow from 192.168.1.17<br />
	</indent>
	</Location>
	</example>
	</section>

	<section id="queries"><title>Selecting the information shown</title>
	<p>By default, the server information includes a list of
	all enabled modules, and for each module, a description of
	the directives understood by that module, the hooks implemented
	by that module, and the relevant directives from the current
	configuration.</p>

	<p>Other views of the configuration information are available by
	appending a query to the <code>server-info</code> request. For
	example, <code>http://your.host.example.com/server-info?config</code>
	will show all configuration directives.</p>

	<dl>
	<dt><code>?<module-name></code></dt>
	<dd>Only information relevant to the named module</dd>
	<dt><code>?config</code></dt>
	<dd>Just the configuration directives, not sorted by module</dd>
	<dt><code>?hooks</code></dt>
	<dd>Only the list of Hooks each module is attached to</dd>
	<dt><code>?list</code></dt>
	<dd>Only a simple list of enabled modules</dd>
	<dt><code>?server</code></dt>
	<dd>Only the basic server information</dd>
	</dl>
	</section>

	<section id="limitations"><title>Known Limitations</title>
	<p><module>mod_info</module> provides its information by reading the
	parsed configuration, rather than reading the original configuration
	file. There are a few limitations as a result of the way the parsed
	configuration tree is created:</p>
	<ul>
	<li>Directives which are executed immediately rather than being
	stored in the parsed configuration are not listed. These include
	<directive module="core">ServerRoot</directive>,
	<directive module="mod_so">LoadModule</directive>, and
	<directive module="mod_so">LoadFile</directive>.</li>
	<li>Directives which control the configuration file itself, such as
	<directive module="core">Include</directive>,
	<directive module="core"><IfModule></directive> and
	<directive module="core"><IfDefine></directive> are not
	listed, but the included configuration directives are.</li>
	<li>Comments are not listed. (This may be considered a feature.)</li>
	<li>Configuration directives from <code>.htaccess</code> files are
	not listed (since they do not form part of the permanent server
	configuration).</li>
	<li>Container directives such as
	<directive module="core"><Directory></directive>
	are listed normally, but <module>mod_info</module> cannot figure
	out the line number for the closing
	<directive module="core"></Directory></directive>.</li>
	<li>Directives generated by third party modules such as <module>mod_perl</module>
	might not be listed.</li>
	</ul>
	</section>

	<directivesynopsis>
	<name>AddModuleInfo</name>
	<description>Adds additional information to the module
	information displayed by the server-info handler</description>
	<syntax>AddModuleInfo <var>module-name</var> <var>string</var></syntax>
	<contextlist><context>server config</context><context>virtual host</context>
	</contextlist>
	<compatibility>Apache 1.3 and above</compatibility>

	<usage>
	<p>This allows the content of <var>string</var> to be shown as
	HTML interpreted, <strong>Additional Information</strong> for
	the module <var>module-name</var>. Example:</p>

	<example>
	AddModuleInfo mod_deflate.c 'See <a \<br />
	<indent>
	href="http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html">\<br />
	http://www.apache.org/docs/&httpd.docs;/mod/mod_deflate.html</a>'
	</indent>
	</example>
	</usage>

	</directivesynopsis>
	</modulesynopsis>