> > On 3/19/2015 1:24 PM, Daniel wrote: > > > > 2015-03-19 18:06 GMT+01:00 Robert Webb <rw...@ropeguru.com>: > >> I don't agree with your analysis. >> >> <ul><li><a href="healthcheck.php"> healthcheck.php</a></li> is an href >> inside an html page that does nothing until clicked on by the client. >> >> This is all assuming that the access denied he is getting is from >> http://$(hostname>>-i)/server-status and "server-status" is the html >> page of the code he posted. Not when clicking on the healthcheck.php href >> link. >> >> >> Robert >> >> >> On Thu, 19 Mar 2015 17:57:09 +0100 >> Daniel <dferra...@gmail.com> wrote: >> >>> 2015-03-19 17:41 GMT+01:00 Tim Dunphy <bluethu...@gmail.com>: >>> >>> Hey all, >>>> >>>> I'm attempting to setup the server-status module and limit access to it >>>> by IP. >>>> >>>> So I have this block in my apache configuration file: >>>> >>>> #Mod_status config >>>> ExtendedStatus on >>>> <Location /server-status> >>>> SetHandler server-status >>>> Require ip 10.10.10.5 127.0.0.1 >>>> </Location> >>>> >>>> And if I do a GET by IP, I'm getting permission denied >>>> >>>> [root@uszwslp00031la apache2]# GET http://$(hostname -i)/server-status >>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> >>>> <html> >>>> <head> >>>> <title>Index of /</title> >>>> </head> >>>> <body> >>>> <h1>Index of /</h1> >>>> <ul><li><a href="healthcheck.php"> healthcheck.php</a></li> >>>> </ul> >>>> </body></html> >>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>> <html><head> >>>> <title>403 Forbidden</title> >>>> </head><body> >>>> <h1>Forbidden</h1> >>>> *<p>You don't have permission to access /server-status* >>>> on this server.<br /> >>>> </p> >>>> </body></html> >>>> >>>> Can someone please let me know where I'm going wrong? >>>> >>>> Thanks >>>> Tim >>>> >>>> -- >>>> GPG me!! >>>> >>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>>> >>>> >>>> Hello, >>> >>> This shoud give you a tip: >>> <h1>Index of /</h1> >>> <ul><li><a href="healthcheck.php"> healthcheck.php</a></li> >>> <------------- >>> which has nothing to do with server-status >>> >>> make sure you are accessing the correct virtualhost >>> >>> -- >>> *Daniel Ferradal* >>> IT Specialist >>> >>> email dferra...@gmail.com >>> linkedin es.linkedin.com/in/danielferradal >>> >> >> >> > Should that be the case he still needs to check the error.log > > > -- > *Daniel Ferradal* > IT Specialist > > email dferra...@gmail.com > linkedin es.linkedin.com/in/danielferradal > > 2015-03-19 20:33 GMT+01:00 Larry Irwin <larry.ir...@ccamedical.com>: > >> How about using this within a Directory entry: >> Order deny,allow >> Deny from all >> # Private IP ranges >> Allow from 127.0.0.1/32 >> Allow from 10.0.0.5/32 >> And then add the server status are under that Directory... >> Wouldn't that do it? >> > -- > Larry Irwin > V.P. Development > CCA Medical > Ph: 864-233-2700 ext 225 > Fax: 864-271-1755 > Cell: 864-525-1322 > Email: larry.ir...@ccamedical.com > > He is using Require, so 2.4.x. Using deprecated directives in 2.4 is not recommended.
The server-status uri will be a virtual path when you define the handler for it, not a real directory, so the logical way is calling it Location. Also if you need to define ranges in 2.4 (not sure about 2.2 know) I don't think you need to use CIDR notation, even less if you use /32 hostmask which is the same as the IP alone. In 2.4 with Require you can even just specify part of the ip to define ranges: aka "Require ip 10" to allow 10.0.0.0/8. He needs to check source ip and error.log to know why he is being denied access. -- *Daniel Ferradal* IT Specialist email dferra...@gmail.com linkedin es.linkedin.com/in/danielferradal
