InformationThe Apache mod_info module provides information on the server configuration via access to a /server-info URL location.
While having server configuration information available as a web page may be convenient it's recommended that this module NOT be enabled. Once mod_info is loaded into the server, its handler capability is available in per-directory .htaccess files and can leak sensitive information from the configuration directives of other Apache modules such as system paths, usernames/passwords, database names, etc.
SolutionPerform either one of the following to disable the mod_info module:
For source builds with static modules, run the Apache ./configure script without including the mod_info in the --enable-modules= configure script options.
$ cd $DOWNLOAD_HTTPD
For dynamically loaded modules, comment out or remove the LoadModule directive for the mod_info module from the httpd.conf file.
##LoadModule info_module modules/mod_info.so
The mod_info module is not enabled with a default source build.