You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/08/21 11:18:20 UTC
DO NOT REPLY [Bug 49794] New: Denied access to mod_status displays
wrong directory access
https://issues.apache.org/bugzilla/show_bug.cgi?id=49794
Summary: Denied access to mod_status displays wrong directory
access
Product: Apache httpd-2
Version: 2.2.9
Platform: PC
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P2
Component: mod_status
AssignedTo: bugs@httpd.apache.org
ReportedBy: thomas@preissler.co.uk
I enabled mod_status with
<Location /server-status>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost
# Allow from all
# Allow from .example.com
</Location>
accessing it from localhost gives me a 403, Access Denied. When I look in the
global Apache error.log /var/log/apache2/error.log I see
[Fri Aug 20 23:11:55 2010] [error] [client 127.0.0.1] client denied by server
configuration: /htdocs
/htdocs is wrong, doesnt exist at all. And I am only accessing mod_status with
lynx http://localhost/server-status?auto
(with or without the "auto", doesnt make a difference).
I do have ModSecurity 2.5 enabled, but I get the same when I put it into
DetectionOnly. It is also disabled completely as you can see above.
When I add "127.0.0.1 ::1" to the Allow above it works fine, and that
particular display error is gone.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 49794] Denied access to mod_status displays wrong directory
access
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49794
Takashi Sato <ta...@lans-tv.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #1 from Takashi Sato <ta...@lans-tv.com> ---
I tried with 2.2.24 and not reproduced.
My error log:
[Thu Apr 04 20:24:06 2013] [error] [client ::1] client denied by server
configuration: D:/soft/Apache2/htdocs/server-status
I read the source code, and found following:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client denied by server configuration: %s%s",
r->filename ? "" : "uri ",
r->filename ? r->filename : r->uri);
So, your logs showed r->filename /htdocs.
I think this issue is not related to mod_status or mod_authz_host.
How about your directory mappping configs (DocumentRoot, RewriteRule, Alias,
...) ?
I set this RESOLVED WORKSFORME, but feel free to reopen if you can explain
further detailes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org