On 3/19/2015 1:24 PM, Daniel wrote:

2015-03-19 18:06 GMT+01:00 Robert Webb <rwebb@ropeguru.com>:
I don't agree with your analysis.

<ul><li><a href="healthcheck.php"> healthcheck.php</a></li> is an href inside an html page that does nothing until clicked on by the client.

This is all assuming that the access denied he is getting is from http://$(hostname>>-i)/server-status and "server-status" is the html page of the code he posted. Not when clicking on the healthcheck.php href link.


On Thu, 19 Mar 2015 17:57:09 +0100
 Daniel <dferradal@gmail.com> wrote:
2015-03-19 17:41 GMT+01:00 Tim Dunphy <bluethundr@gmail.com>:

Hey all,

 I'm attempting to setup the server-status module and limit access to it
by IP.

So I have this block in my apache configuration file:

#Mod_status config
    ExtendedStatus on
<Location /server-status>
    SetHandler server-status
    Require ip

And if I do a GET by IP, I'm getting permission denied

[root@uszwslp00031la apache2]# GET http://$(hostname -i)/server-status
  <title>Index of /</title>
<h1>Index of /</h1>
<ul><li><a href="healthcheck.php"> healthcheck.php</a></li>
<title>403 Forbidden</title>
*<p>You don't have permission to access /server-status*
on this server.<br />

Can someone please let me know where I'm going wrong?


GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


This shoud give you a tip:
<h1>Index of /</h1>
<ul><li><a href="healthcheck.php"> healthcheck.php</a></li> <-------------
which has nothing to do with server-status

make sure you are accessing the correct virtualhost

*Daniel Ferradal*
IT Specialist

email         dferradal@gmail.com
linkedin     es.linkedin.com/in/danielferradal

Should that be the case he still needs to check the error.log

Daniel Ferradal
IT Specialist

email         dferradal@gmail.com
2015-03-19 20:33 GMT+01:00 Larry Irwin <larry.irwin@ccamedical.com>:
How about using this within a Directory entry:
                Order deny,allow
                Deny from all
                # Private IP ranges
                Allow from
                Allow from
And then add the server status are under that Directory...
Wouldn't that do it?
Larry Irwin
V.P. Development
CCA Medical
Ph: 864-233-2700 ext 225
Fax: 864-271-1755
Cell: 864-525-1322
Email: larry.irwin@ccamedical.com 

He is using Require, so 2.4.x. Using deprecated directives in 2.4 is not recommended.

The server-status uri will be a virtual path when you define the handler for it, not a real directory, so the logical way is calling it Location.

Also if you need to define ranges in 2.4 (not sure about 2.2 know) I don't think you need to use CIDR notation, even less if you use /32 hostmask which is the same as the IP alone. In 2.4 with Require you can even just specify part of the ip to define ranges: aka "Require ip 10" to allow

He needs to check source ip and error.log to know why he is being denied access.

Daniel Ferradal
IT Specialist

email         dferradal@gmail.com