You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/08/21 11:18:20 UTC

DO NOT REPLY [Bug 49794] New: Denied access to mod_status displays wrong directory access

https://issues.apache.org/bugzilla/show_bug.cgi?id=49794

           Summary: Denied access to mod_status displays wrong directory
                    access
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: mod_status
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: thomas@preissler.co.uk


I enabled mod_status with

<Location /server-status>

     <IfModule mod_security2.c>
         SecRuleEngine Off
     </IfModule>

    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from localhost ip6-localhost
#    Allow from all
#    Allow from .example.com
</Location>

accessing it from localhost gives me a 403, Access Denied. When I look in the
global Apache error.log /var/log/apache2/error.log I see

[Fri Aug 20 23:11:55 2010] [error] [client 127.0.0.1] client denied by server
configuration: /htdocs

/htdocs is wrong, doesnt exist at all. And I am only accessing mod_status with

lynx http://localhost/server-status?auto

(with or without the "auto", doesnt make a difference).

I do have ModSecurity 2.5 enabled, but I get the same when I put it into
DetectionOnly. It is also disabled completely as you can see above.

When I add "127.0.0.1 ::1" to the Allow above it works fine, and that
particular display error is gone.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 49794] Denied access to mod_status displays wrong directory access

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49794

Takashi Sato <ta...@lans-tv.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Takashi Sato <ta...@lans-tv.com> ---
I tried with 2.2.24 and not reproduced.

My error log:
[Thu Apr 04 20:24:06 2013] [error] [client ::1] client denied by server
configuration: D:/soft/Apache2/htdocs/server-status

I read the source code, and found following:

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
            "client denied by server configuration: %s%s",
            r->filename ? "" : "uri ",
            r->filename ? r->filename : r->uri);


So, your logs showed r->filename /htdocs.
I think this issue is not related to mod_status or mod_authz_host.
How about your directory mappping configs (DocumentRoot, RewriteRule, Alias,
...) ?

I set this RESOLVED WORKSFORME, but feel free to reopen if you can explain
further detailes.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org