Apache modules and security
Posted: 08. May 2014 15:02Lots of recommendations for making Apache servers more secure say how important it is to avoid loading unnecessary modules.
In particular, the modules mod_autoindex and mod_info should always be avoided if possible.
However, XAMPP loads these modules as standard, and does not seem to work if these modules are not loaded.
Two questions:
1) What are they actually needed for in XAMPP?
2) What else would I have to remove if I wanted NOT to be obliged to load these modules?
I am using XAMPP version 1.8.1 for Linux, but I can see that the situation is unchanged in version 1.8.3.
Robin
In particular, the modules mod_autoindex and mod_info should always be avoided if possible.
However, XAMPP loads these modules as standard, and does not seem to work if these modules are not loaded.
Two questions:
1) What are they actually needed for in XAMPP?
2) What else would I have to remove if I wanted NOT to be obliged to load these modules?
I am using XAMPP version 1.8.1 for Linux, but I can see that the situation is unchanged in version 1.8.3.
Robin