Server Version: GitHub.com (Linux)
Server MPM: event
Server Built: When you weren't looking
Current Time: Right now, your local time
Restart Time: Never, by design
Notice:
This endpoint would normally hand a stranger your entire
server configuration. By design, on this domain, it does not.
If you typed github.com/server-info hoping to find a juicy GitHub internals page — sorry, and also, you're welcome. GitHub does not expose a mod_info endpoint. It would be a very bad day for everyone if it did.
This account exists to give a friendly nudge to anyone running Apache on the open internet: mod_info is a debugging tool, not a public endpoint. Every repo here is a file or path that should never be reachable through a browser. Each one has a README walking through what the file is, how it leaks, and how to make sure the real version on your server returns a polite 403.
| Module | Repo | What it leaks |
|---|---|---|
mod_access |
.htaccess |
Per-directory Apache configuration |
mod_auth |
.htpasswd |
Usernames and password hashes |
More to come. If there's a path on the internet that gets scanned a million times a day and shouldn't, it probably belongs here.
From a machine that isn't your server:
curl -I https://your-domain.example/server-info
curl -I https://your-domain.example/server-statusA 403 or 404 is the right answer. Anything else is your weekend.
The fix, in case you need it, is one <Location> block:
<Location "/server-info">
SetHandler server-info
Require ip 127.0.0.1
Require ip ::1
</Location>Repeat for /server-status. Reload Apache. Re-run the curl. Sleep better.
/server-info and /server-status sit in the top tier of internet-wide scanned endpoints. The configurations that leave them open are almost always inherited — a tutorial from 2014, a forgotten staging vhost, a LoadModule info_module line that nobody dared remove. The fix takes thirty seconds. The cost of not fixing it is a stranger reading your entire Apache configuration over a cup of tea, and then your .htpasswd, and then your database.
If this account got you to run curl -I against your own domain this afternoon, it did its job.
A public-interest curiosity. Not affiliated with GitHub, the Apache Software Foundation, or any project referenced here. Issues and PRs welcome on individual repos.