LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-20-2019, 01:47 AM   #1
mozer
LQ Newbie
 
Registered: Sep 2013
Posts: 21

Rep: Reputation: Disabled
Post Server-status only localhost, not in ssl apache 2.2


Hello all,

I need to access server-status only from localhost so I created a basic rule in my httpd.conf, the server has SSL enabled

Code:
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
ExtendedStatus On
</IfModule>

LoadModule status_module modules/mod_status.so
it should only allow 127.0.0.1 connections but when i try to get the status from any ip of the server, i can access to it

Code:
[root@xxxxxxxx:/tmp]# wget 172.30.16.34:443/server-status
--2019-08-20 08:29:59--  http://172.30.16.34:443/server-status
Connecting to 172.30.16.34:443... conectado.
Petitionn HTTP sent, esperando respuesta... 200 No headers, assuming HTTP/0.9
Longitud: no especificado
Saving to: `server-status.7'

    [ <=>                                                                                          ] 480         --.-K/s   in 0s

2019-08-20 08:29:59 (73,9 MB/s) - `server-status.7' saved [480]
also tried to create a <Virtualhost*:443> using the same code, with no results

what am i doing wrong?

thanks!
 
Old 08-20-2019, 03:44 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794
Your config snippet looks good.
You can omit the <IfModule mod_status.c> and </IfModule> lines, because the mod_status module is loaded.

That said, make sure that the "Location /server-status" stuff is only defined once in apache config files and that you restart apache after editing configuration.
Regards
 
1 members found this post helpful.
Old 08-20-2019, 04:07 AM   #3
mozer
LQ Newbie
 
Registered: Sep 2013
Posts: 21

Original Poster
Rep: Reputation: Disabled
Thanks, but the directive should not let me get server status from an ip, only from 127.0.0.1 (localhost) why i can do it with wget xx.xx.xx.xx/server-status?

Cheers....
 
Old 08-20-2019, 04:47 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794
Quote:
Originally Posted by mozer View Post
Thanks, but the directive should not let me get server status from an ip, only from 127.0.0.1 (localhost) why i can do it with wget xx.xx.xx.xx/server-status?

Cheers....
That's why I told you to restart apache after editing the config files.
Also try both http and https methods and see whta you get:
Code:
wget http://xx.xx.xx.xx/server-status
wget https://xx.xx.xx.xx/server-status
 
Old 08-20-2019, 04:57 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,940

Rep: Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211Reputation: 1211
Quote:
Originally Posted by mozer View Post
it should only allow 127.0.0.1 connections but when i try to get the status from any ip of the server, i can access to it

also tried to create a <Virtualhost*:443> using the same code, with no results

what am i doing wrong?
When you showed the wget request were you doing that on the server?

It's not clear from what you say from any ip of the server, if the server has multiple IP addresses then you're confusing the Listen directives with the Deny/Allow directives. Deny/Allow have NOTHING to do with what IP the status page appears ON, they control which IP has access to it. If you've a vhost configured as *:443 that will listen on all the IP addresses of the server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] What UFW rule will allow port 80 to localhost but only from localhost? wh33t Ubuntu 1 12-14-2016 11:13 PM
Apache2 and SSL listen only on localhost gando Linux - Software 11 05-21-2013 01:53 AM
[SOLVED] Phpmyadmin only allowed from localhost - do I still need ssl? Linuxstudent Linux - Security 2 10-23-2011 08:34 AM
apache : localhost/ works localhost/index.html does not PhilA Linux - Server 4 05-27-2007 07:32 PM
apache http://localhost/mysite ---> http://localhost/mysite/index.php how? ilnli Linux - General 8 06-04-2005 03:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration