prevent access to status | apache

16/02/2005, 22h18

Greetings -

I like to be able to look at the extended status page on my web server
(running apache 2.0.53), but I want to restrict access to that page to
a particular ip address. I've tried the following

ExtendedStatus On
<Location /status>
order deny,allow
allow from my.ip.address.here
deny from all
</Location>

in the httpd.conf file, but this doesn't seem to do the trick. I can
still access the status page from any ip address.

Obviously, I'm missing something - any /suggestions appreciated).

THanks in advance...

17/02/2005, 09h43

On Wed, 16 Feb 2005 17:18:03 -0500,
cooch17@NOSPAMverizon.net posted:

> Greetings -
>
> I like to be able to look at the extended status page on my web server
> (running apache 2.0.53), but I want to restrict access to that page to
> a particular ip address. I've tried the following
>
> ExtendedStatus On
> <Location /status>
> order deny,allow
> allow from my.ip.address.here
> deny from all
> </Location>
>
> in the httpd.conf file, but this doesn't seem to do the trick. I can
> still access the status page from any ip address.

Mine's: <Location /server-status>

You might also want to do a similar block for: <Location /server-info>

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.

17/02/2005, 14h28

On Thu, 17 Feb 2005 20:13:58 +1030, Tim <tim@mail.localhost.invalid>
>>
>> ExtendedStatus On
>> <Location /status>
>> order deny,allow
>> allow from my.ip.address.here
>> deny from all
>> </Location>
>>
>> in the httpd.conf file, but this doesn't seem to do the trick. I can
>> still access the status page from any ip address.
>
>Mine's: <Location /server-status>
>

Actually, I tried that - makes no difference. I can still access the
status page from any ip I try. I've also tried

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from my.ip.address.here
</Location>

Same diff - doesn't work. I can still access the status page from any
ip I try it from.

Weird. Any ideas?

17/02/2005, 14h33

On Thu, 17 Feb 2005 09:28:04 -0500, cooch17@NOSPAMverizon.net wrote:

Figured out the problem - turns out I'd overridden the settiings later
on in the httpd.conf file.

Sigh...looks like its one of those days. :-)

16/02/2005, 22h18	#1
cooch17@NOSPAMverizon.net Messages: n/a Hébergeur:	prevent access to status \| apache Greetings - I like to be able to look at the extended status page on my web server (running apache 2.0.53), but I want to restrict access to that page to a particular ip address. I've tried the following ExtendedStatus On <Location /status> order deny,allow allow from my.ip.address.here deny from all </Location> in the httpd.conf file, but this doesn't seem to do the trick. I can still access the status page from any ip address. Obviously, I'm missing something - any /suggestions appreciated). THanks in advance...

17/02/2005, 09h43	#2
Tim Messages: n/a Hébergeur:	Re: prevent access to status \| apache On Wed, 16 Feb 2005 17:18:03 -0500, cooch17@NOSPAMverizon.net posted: > Greetings - > > I like to be able to look at the extended status page on my web server > (running apache 2.0.53), but I want to restrict access to that page to > a particular ip address. I've tried the following > > ExtendedStatus On > <Location /status> > order deny,allow > allow from my.ip.address.here > deny from all > </Location> > > in the httpd.conf file, but this doesn't seem to do the trick. I can > still access the status page from any ip address. Mine's: <Location /server-status> You might also want to do a similar block for: <Location /server-info> -- If you insist on e-mailing me, use the reply-to address (it's real but temporary). But please reply to the group, like you're supposed to. This message was sent without a virus, please delete some files yourself.

17/02/2005, 14h28	#3
cooch17@NOSPAMverizon.net Messages: n/a Hébergeur:	Re: prevent access to status \| apache On Thu, 17 Feb 2005 20:13:58 +1030, Tim <tim@mail.localhost.invalid> >> >> ExtendedStatus On >> <Location /status> >> order deny,allow >> allow from my.ip.address.here >> deny from all >> </Location> >> >> in the httpd.conf file, but this doesn't seem to do the trick. I can >> still access the status page from any ip address. > >Mine's: <Location /server-status> > Actually, I tried that - makes no difference. I can still access the status page from any ip I try. I've also tried <Location /server-status> SetHandler server-status Order Deny,Allow Deny from all Allow from my.ip.address.here </Location> Same diff - doesn't work. I can still access the status page from any ip I try it from. Weird. Any ideas?

17/02/2005, 14h33	#4
cooch17@NOSPAMverizon.net Messages: n/a Hébergeur:	Re: prevent access to status \| solved On Thu, 17 Feb 2005 09:28:04 -0500, cooch17@NOSPAMverizon.net wrote: Figured out the problem - turns out I'd overridden the settiings later on in the httpd.conf file. Sigh...looks like its one of those days. :-)

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email