2.8 Ensure the Info Module Is Disabled

Information

The Apache 'mod_info' module provides information on the server configuration via access to a '/server-info' URL location.

Rationale:

While having server configuration information available as a web page may be convenient, it is recommended that this module NOT be enabled.
Once 'mod_info' is loaded into the server, its handler capability is available in per-directory '.htaccess' files and can leak sensitive information from the configuration directives of other Apache modules, such as system paths, usernames/passwords, database names, etc.

Solution

Perform either one of the following to disable the 'mod_info' module:

1. For source builds with static modules, run the Apache './configure' script without including 'mod_info' in the '--enable-modules=' configure script options.

$ cd $DOWNLOAD_HTTPD
$ ./configure

2. For dynamically loaded modules, comment out or remove the 'LoadModule' directive for the 'mod_info' module from the 'httpd.conf' file.

##LoadModule info_module modules/mod_info.so
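
A configuration scan that checks the result of option 2, as an added example that is not part of the benchmark text. The function name 'find_mod_info' and the sample files are constructed for illustration; it reports uncommented 'LoadModule info_module' lines and 'SetHandler server-info' mappings, the handler behind the '/server-info' location.

```shell
#!/bin/sh
# Added example: report active directives that load mod_info or map its handler.

# find_mod_info FILE...: prints "file:line: directive" for each hit;
# returns 1 when at least one is found, 0 when the files are clean.
find_mod_info() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # leading whitespace is allowed
            if (line == "" || line ~ /^#/) next  # skip blanks and comments
            low = tolower(line)                  # directive names are case-insensitive
            if (low ~ /^loadmodule[ \t]+info_module([ \t]|$)/ ||
                low ~ /^sethandler[ \t]+"?server-info"?[ \t]*$/) {
                printf "%s:%d: %s\n", FILENAME, FNR, line
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample input (not taken from a real server).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/httpd.conf" <<'EOF'
LoadModule status_module modules/mod_status.so
##LoadModule info_module modules/mod_info.so
  loadmodule info_module modules/mod_info.so
EOF
cat > "$sample_dir/htaccess" <<'EOF'
# SetHandler server-info
SetHandler server-info
EOF
cat > "$sample_dir/clean.conf" <<'EOF'
##LoadModule info_module modules/mod_info.so
LoadModule dir_module modules/mod_dir.so
EOF

# The first call finds two active directives; the second finds none.
find_mod_info "$sample_dir/httpd.conf" "$sample_dir/htaccess" || echo "mod_info is reachable"
find_mod_info "$sample_dir/clean.conf" && echo "clean.conf: compliant"
```

A configuration scan cannot see modules compiled in statically (option 1); 'httpd -M' lists every module the binary loads, static or shared.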

See Also

https://workbench.cisecurity.org/files/2381

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: 6f7c610a514cee4dd3ec9ded84d07bdeb71b14871ec8856a7d4d0ff764531ad5