Re: mod_status over SSL?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/7/2021 5:18 PM, Dave Wreski wrote:


Hi,
I have an apache-2.4.48 server on fedora34 and would like to enable mod_status to be able to obtain server status information. However, the docs appear to say the only way to access it is over port 80, not SSL. Is that correct? 

Chrome is also expecting the site to be over SSL, of course.

https://httpd.apache.org/docs/2.4/mod/mod_status.html

Here is my virtual host entry on port 80:

<VirtualHost 209.216.111.156:80>
  ServerName darwin-perf.example.com
  ServerAdmin admin@xxxxxxxxxxx

  ErrorLog /var/www/otherdomains-443/logs/error_log
  CustomLog /var/www/otherdomains-443/logs/access_log timing
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %T/%D %I/%O/%B H:%H U:%U dp80 s:%s V:%V v:%v" timing 

    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 localhost 192.168.1.0/24
    </Location>

    <Location /server-info>
        SetHandler server-info
        Order Deny,Allow
        Allow from ip 127.0.0.1 localhost 192.168.1.0/24
    </Location>

    <Location /perl-status>
      SetHandler perl-script
      PerlResponseHandler Apache2::Status
      Order deny,allow
      Deny from all
      Allow from ip 127.0.0.1 localhost 192.168.1.0/24
    </Location>

    <FilesMatch "^ping|status-fpm$">
      RewriteEngine Off
      SetHandler "proxy:unix:/run/php-fpm/linuxsecurity.sock|fcgi://localhost" 
    </FilesMatch>

</VirtualHost>
You have server-status defined within an 80/http virtual host and as such I expect it will only be available via port 80/http. You can define server-status more globally or within an https configuration depending on what you want to support. However, bottom line is server-status and server-info can be configured for https/443.
As an aside, you do want to be careful on your configuration for availability of server-status and server-info and likely not something you want to provide public access. I do see you are controlling access. However...  Order, Deny, Allow are deprecated in Apache 2.4 and you might want to consider reading: 
https://httpd.apache.org/docs/2.4/howto/access.html

Jim



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux