From 584cbe80152ed3bb8cdbedc41c43d63cd10ca799 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 18 Jun 2018 03:28:58 +0100 Subject: Clarify the documentation for m_httpd and m_httpd_{config,stats}. Thanks to @SleepyEntropy for pointing out that multiple internet- accessible servers do not have these modules correctly configured. --- docs/conf/modules.conf.example | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'docs/conf/modules.conf.example') diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index c3f074b94..a538ea879 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -890,6 +890,8 @@ # If you choose to use the m_httpd.so module, then you will need to add # a tag with type "httpd", and load at least one of the other # m_httpd_* modules to provide pages to display. +# +# # # You can adjust the timeout for HTTP connections below. All HTTP # connections will be closed after (roughly) this many seconds. @@ -912,13 +914,22 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HTTP config module: Allows the configuration of the server to be -# viewed over HTTP. Requires m_httpd.so to be loaded for it to function. +# HTTP config module: Allows the server configuration to be viewed over +# HTTP via the /config path. Requires m_httpd.so to be loaded for it to +# function. +# +# IMPORTANT: This module exposes extremely sensitive information about +# your server and users so you *MUST* protect it using a local-only +# tag and/or the m_httpd_acl.so module. See above for details. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HTTP stats module: Provides basic stats pages over HTTP. -# Requires m_httpd.so to be loaded for it to function. +# HTTP stats module: Provides server statistics over HTTP via the /stats +# path. Requires m_httpd.so to be loaded for it to function. +# +# IMPORTANT: This module exposes extremely sensitive information about +# your server and users so you *MUST* protect it using a local-only +# tag and/or the m_httpd_acl.so module. See above for details. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -- cgit v1.2.3