Re: apache 2.4 allow by IP

[Tim Dunphy <bluethundr@xxxxxxxxx>]

Hello Kees,

 Thanks for that suggestion. Not sure if I understood you correctly, but this is what I tried:

#Mod_status config

    ExtendedStatus on

<VirtualHost *>

    ServerAdmin     webmaster@xxxxxxxxxx

    DocumentRoot    /opt/apache2/htdocs/hcphp.nbc.com

    ServerName      hcphp.nbc.com

    ServerAlias     phphc.nbc.com 10.10.10.5  uszwsls00015la.dmz.tfayd.com

<Directory /*>

        AddHandler cgi-script .cgi

        Options -Indexes +FollowSymLinks +ExecCGI +Includes

        AllowOverride All

        Require all granted

</Directory>

     RewriteEngine On

     RewriteCond %{REQUEST_METHOD} ^TRACE

     RewriteRule .* - [F]

     ExpiresActive On

     ExpiresDefault "access plus 30 minutes"

<Location /server-status>

    SetHandler server-status

    Require ip 10.10.10.5

    #Require all granted

</Location>

 </VirtualHost>

But that didn't change my result:

[root@uszwsls00015la apache2]# GET http://$(hostname -i)/server-status

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<html>

 <head>

  <title>Index of /</title>

 </head>

 <body>

<h1>Index of /</h1>

<ul><li><a href="" healthcheck.php</a></li>

</ul>

</body></html>

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access /server-status

on this server.<br />

</p>

</body></html>

And the same entry was added to the error log as before:

[Thu Mar 19 16:19:41.577437 2015] [authz_core:error] [pid 57932:tid 140005330646784] [client 10.10.10.5:30780] AH01630: client denied by server configuration: /opt/apache2/htdocs/hcphp.nbc.com/server-status

Does anyeone have any other ideas? Would showing more of the config be helpful?

Thanks

Tim

On Thu, Mar 19, 2015 at 6:59 PM, Kees Nuyt <k.nuyt@xxxxxxxxx> wrote:

On Thu, 19 Mar 2015 16:26:28 -0400, you wrote:

>This is what I'm seeing in the error logs:
>
>[Thu Mar 19 13:22:34.274686 2015] [authz_core:error] [pid 56979:tid
>140005409228544] [client 216.178.108.232:63636] AH01630: client denied by
>server configuration: /opt/apache2/htdocs/hcphp.nbc.com/server-status
>
>But that error seems to be referencing another VHOST:
>
>
>#Mod_status config
>    ExtendedStatus on
><Location /server-status>
>    SetHandler server-status
>    Require ip 10.10.10.5
>    #Require all granted
></Location>
>
><VirtualHost *>
>    ServerAdmin     webmaster@xxxxxxxxxxxxx
>    DocumentRoot    /opt/apache2/htdocs/hcphp.nbc.com
>    ServerName      hcphp.nbc.com
>    ServerAlias     phphc.nbc.com 10.10.10.5  uszwsls00015la.dmz.tfayd.com
><Directory /*>
>        AddHandler cgi-script .cgi
>        Options -Indexes +FollowSymLinks +ExecCGI +Includes
>        AllowOverride All
>        Require all granted
></Directory>
>     RewriteEngine On
>     RewriteCond %{REQUEST_METHOD} ^TRACE
>     RewriteRule .* - [F]
>     ExpiresActive On
>     ExpiresDefault "access plus 30 minutes"
> </VirtualHost>
>
>I'm still not sure why this is happening. Any help/clues would be
>appreciated!
>
>Tim

The first virtual host is the default servername.
You could try to move the <Location ...> ... server-status ... </Location>
block into that <VirtualHost ... ></VirtualHost> block.

--
Regards, Cordialement, Groet,

Kees Nuyt

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

--

GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B