2015-03-19 20:33 GMT+01:00 Larry Irwin <larry.irwin@xxxxxxxxxxxxxx>:
On 3/19/2015 1:24 PM, Daniel wrote:
2015-03-19 18:06 GMT+01:00 Robert Webb <rwebb@xxxxxxxxxxxx>:--
I don't agree with your analysis.
<ul><li><a href="" healthcheck.php</a></li> is an href inside an html page that does nothing until clicked on by the client.
This is all assuming that the access denied he is getting is from http://$(hostname>>-i)/server-status and "server-status" is the html page of the code he posted. Not when clicking on the healthcheck.php href link.
RobertHello,*<p>You don't have permission to access /server-status*Hey all,
I'm attempting to setup the server-status module and limit access to it
by IP.
So I have this block in my apache configuration file:
#Mod_status config
ExtendedStatus on
<Location /server-status>
SetHandler server-status
Require ip 10.10.10.5 127.0.0.1
</Location>
And if I do a GET by IP, I'm getting permission denied
[root@uszwslp00031la apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href="" healthcheck.php</a></li>
</ul>
</body></html>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
on this server.<br />
</p>
</body></html>
Can someone please let me know where I'm going wrong?
Thanks
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
This shoud give you a tip:
<h1>Index of /</h1>
<ul><li><a href="" healthcheck.php</a></li> <-------------
which has nothing to do with server-status
make sure you are accessing the correct virtualhost
--
*Daniel Ferradal*
IT Specialist
email dferradal@xxxxxxxxx
linkedin es.linkedin.com/in/danielferradal
Should that be the case he still needs to check the error.log
How about using this within a Directory entry:
Order deny,allow
Deny from all
# Private IP ranges
Allow from 127.0.0.1/32
Allow from 10.0.0.5/32
And then add the server status are under that Directory...
Wouldn't that do it?-- Larry Irwin V.P. Development CCA Medical Ph: 864-233-2700 ext 225 Fax: 864-271-1755 Cell: 864-525-1322 Email: larry.irwin@xxxxxxxxxxxxxx
He is using Require, so 2.4.x. Using deprecated directives in 2.4 is not recommended.The server-status uri will be a virtual path when you define the handler for it, not a real directory, so the logical way is calling it Location.Also if you need to define ranges in 2.4 (not sure about 2.2 know) I don't think you need to use CIDR notation, even less if you use /32 hostmask which is the same as the IP alone. In 2.4 with Require you can even just specify part of the ip to define ranges: aka "Require ip 10" to allow 10.0.0.0/8.He needs to check source ip and error.log to know why he is being denied access.
|