Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/08/18 08:40:32 UTC
DO NOT REPLY [Bug 22499] New: - /server-status does NOT honor access-clause "deny"
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22499
Summary: /server-status does NOT honor access-clause "deny"
Product: Apache httpd-1.3
Version: 1.3.28
Platform: Alpha
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Other
AssignedTo: bugs@httpd.apache.org
ReportedBy: rosenbach@seninn.verwalt-berlin.de
OS is Tru64 UNIX 4.0E patchkit 4.
mod_status is compiled and enabled (and works).
I introduced (as stated in ./manual/mod/mod_status.html#extendedstatus)
<Location /server-status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from myhost.foo.com
</Location>
But hosts other than the given one are allowed to see the server status!
BTW: in my case "myhost" and the other host were connected via some
proxy-server (which is NOT myhost).
So, from my point of view, NONE of them should have been honored given the
config above ... ???
Best regards, Martin Rosenbach
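
Added example, not part of the original report and not Apache's code: a simplified Python model of how the Order/Deny/Allow rules quoted above are expected to evaluate against the peer the server sees. It assumes that a request relayed by a proxy arrives with the proxy as the connecting peer; the addresses and the names other.foo.com and proxy.foo.com are constructed sample data.

```python
# Added illustration: simplified model of Apache 1.3 mod_access evaluation.
# Netmask/CIDR forms and "Order mutual-failure" are not modelled.

def host_matches(spec, peer_ip, peer_name):
    """Match one "from" argument against the peer the server sees."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec[0].isdigit():  # full or partial IP address, whole octets only
        return peer_ip == spec or peer_ip.startswith(spec.rstrip(".") + ".")
    name = (peer_name or "").lower()  # full or partial domain name
    return name == spec or name.endswith("." + spec.lstrip("."))

def evaluate(order, rules, peer_ip, peer_name=None):
    """Return True when access is granted for this peer."""
    allowed = any(d == "allow" and host_matches(s, peer_ip, peer_name) for d, s in rules)
    denied = any(d == "deny" and host_matches(s, peer_ip, peer_name) for d, s in rules)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":  # default allow; a matching Allow overrides Deny
        return allowed or not denied
    if order == "allow,deny":  # default deny; a matching Deny overrides Allow
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The <Location /server-status> rules from the report.
ORDER = "Deny,Allow"
RULES = [("deny", "all"), ("allow", "myhost.foo.com")]

# Constructed peers: (address, resolved name) as seen by the server.
PEERS = {
    "myhost, direct": ("192.0.2.10", "myhost.foo.com"),
    "other host, direct": ("192.0.2.20", "other.foo.com"),
    "any client via the proxy": ("192.0.2.30", "proxy.foo.com"),
}

def decisions():
    """Expected access decision for each constructed peer."""
    return {label: evaluate(ORDER, RULES, ip, name)
            for label, (ip, name) in PEERS.items()}

if __name__ == "__main__":
    for label, granted in decisions().items():
        print(f"{label:26} -> {'200 allowed' if granted else '403 denied'}")
```

Comparing these expected decisions with the status codes the server actually returns from each vantage point (direct and through the proxy) shows whether the access clause is being applied.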