Note that the configuration files are read by the
module at run-time, and therefore the display may
reflect the running server's active
configuration if the files have been changed since the server
was last reloaded. Also, the configuration files must be
readable by the user as which the server is running (see the
else the directive settings will not be listed.
It should also be noted that if
mod_info is compiled into the server, its
handler capability is available in all configuration
files, including per-directory files (e.g.,
.htaccess). This may have security-related
ramifications for your site.
In particular, this module can leak sensitive information
from the configuration directives of other Apache modules such as
system paths, usernames/passwords, database names, etc. Due to
the way this module works there is no way to block information
from it. Therefore, this module should only be
used in a controlled environment and always with caution.