You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by RuneImp <ru...@imptech.net> on 2001/12/13 11:55:27 UTC

/server-status

I'm trying to setup the /server-status & /server-info pages
so that they are only viewable like this:
http://admin.imptech.net/server-status

I reviewed the Allow, Deny & Order directives in the Apache
Manual & from what they say the following should work.

<Location /server-status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from admin.imptech.net
</Location>

But each time I get:

403 Forbidden

Forbidden
You don't have permission to access /server-status on this server.


------------------------------------------------------------------

Apache/1.3.22 Server at admin.imptech.net Port 80


I've played around with it reversing the Order & different things.
But essentially unless I allow access to all domains by either
setting "Allow from all" or setting something like "Deny from blah"
(which is garbage & just ignores the denial of anything) I get the
forbidden message.


-=- RuneImp
ImpTech - Web Design, Hosting & Computer Tech
http://imptech.net
rune@imptech.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: generic page

Posted by Joshua Slive <jo...@slive.ca>.


> From: bciceron@rsn.hp.com [mailto:bciceron@rsn.hp.com]

> i try to address the following problem:
> how to gently inform users that a website is temporary unavailable ?
> how can i get apache to point them to a static page with gentle message
> whenever then point to any otherwise valid url ?
> 
> how would you address that ?
> 
> i wonder i re-writing rules would do ?
> 
> is there a better solution ?
> 

See this thread:
http://marc.theaimsgroup.com/?t=100714438800016

Ask again if you have more questions.

Joshua. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

generic page

Posted by bc...@rsn.hp.com.

hi,

i try to address the following problem:
how to gently inform users that a website is temporary unavailable ?
how can i get apache to point them to a static page with gentle message
whenever then point to any otherwise valid url ?

how would you address that ?

i wonder i re-writing rules would do ?

is there a better solution ?

thx,

ben


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: /server-status

Posted by Joshua Slive <jo...@slive.ca>.

>
> Jack Nerad wrote:
> >
> > http://httpd.apache.org/docs/mod/mod_access.html#allow
> >
> > is the documentation.  Which, oddly does point out that the context for
> > allow is either Directory or .htaccess (clearly wrong on this point... I
> > believe it should include location, also).

If you click on the "Context" link in the docs, you will see that anything
that can go in "Directory" can also go in "Files" or "Location" except under
very special circumstances.  There is no separate "context" listing for
"Files" and "Location".

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by Owen Boyle <ob...@bourse.ch>.

Jack Nerad wrote:
> 
> http://httpd.apache.org/docs/mod/mod_access.html#allow
> 
> is the documentation.  Which, oddly does point out that the context for
> allow is either Directory or .htaccess (clearly wrong on this point... I
> believe it should include location, also).

Very odd indeed - whenever I have problems with a directive in a
container, I check the context. If I find the documentation doesn't
specifically permit the directive in that container, I assume it is not
permitted and try a workaround. I don't usually test things that the
docs say won't work...

That's two days in a row I've been trumped by dodgy documentation :-(

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by RuneImp <ru...@imptech.net>.

OK, I was wondering if I needed to specify my remote system.

I tried putting it inside a VirtualHost directive but that
didn't work. Still allowed everyone to see from any domain
on the system.

Oh well. Thanks for the help anyway...  :)

-=- RuneImp
ImpTech - Web Design, Hosting & Computer Tech
http://imptech.net
rune@imptech.net

----- Original Message ----- 
From: "Jack Nerad" <jn...@cimedia.com>
To: <us...@httpd.apache.org>
Sent: Thursday, December 13, 2001 6:17 AM
Subject: Re: /server-status

On Thu, 2001-12-13 at 05:55, RuneImp wrote:
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden
> 
> Forbidden
> You don't have permission to access /server-status on this server.

It sounds like you are trying to access server-status located on
admin.imptech.com/server-stats from windowsbox.imptech.com. You should
use .imptech.com (or whatever domain you are coming in _from_) in the
allow from. or windowsbox.imptech.com (or whatever the name of the
machine is that you are trying to gain access _from_).  Don't use the
name of the server in the allow. 

# allows access from the entire imptech.com domain
Allow from .imptech.com 

http://httpd.apache.org/docs/mod/mod_access.html#allow

is the documentation.  Which, oddly does point out that the context for
allow is either Directory or .htaccess (clearly wrong on this point... I
believe it should include location, also).

the following works on my box, from my box:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 # allow access from localhost
</Location>

The Following does not:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all # take away access from localhost
</Location>

The Allow from directive is just that: it allows access FROM a machine
or machines.  You appear to be using it like an Allow ON directive
(which doesn't exist, as far as I know).

My guess is that the way to limit where the server-status appears is to
put the location directive inside a virtual host directive for
admin.imptech.com?

I hope this helps.

Regards,

Jack Nerad

> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by Jack Nerad <jn...@cimedia.com>.

On Thu, 2001-12-13 at 05:55, RuneImp wrote:
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden
> 
> Forbidden
> You don't have permission to access /server-status on this server.

It sounds like you are trying to access server-status located on
admin.imptech.com/server-stats from windowsbox.imptech.com. You should
use .imptech.com (or whatever domain you are coming in _from_) in the
allow from. or windowsbox.imptech.com (or whatever the name of the
machine is that you are trying to gain access _from_).  Don't use the
name of the server in the allow. 

# allows access from the entire imptech.com domain
Allow from .imptech.com 

http://httpd.apache.org/docs/mod/mod_access.html#allow

is the documentation.  Which, oddly does point out that the context for
allow is either Directory or .htaccess (clearly wrong on this point... I
believe it should include location, also).

the following works on my box, from my box:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 # allow access from localhost
</Location>

The Following does not:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all # take away access from localhost
</Location>

The Allow from directive is just that: it allows access FROM a machine
or machines.  You appear to be using it like an Allow ON directive
(which doesn't exist, as far as I know).

My guess is that the way to limit where the server-status appears is to
put the location directive inside a virtual host directive for
admin.imptech.com?

I hope this helps.

Regards,

Jack Nerad

> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by Jobarr <jo...@herzeleid.com>.

I just do this:
 <Location /server-status>
     SetHandler server-status
 </Location>

As long as you don't care about other people seeing it.
-Jobarr

----- Original Message ----- 
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden
> 
> Forbidden
> You don't have permission to access /server-status on this server.
> 
> 
> ------------------------------------------------------------------
> 
> Apache/1.3.22 Server at admin.imptech.net Port 80
> 
> 
> I've played around with it reversing the Order & different things.
> But essentially unless I allow access to all domains by either
> setting "Allow from all" or setting something like "Deny from blah"
> (which is garbage & just ignores the denial of anything) I get the
> forbidden message.
> 
> 
> -=- RuneImp
> ImpTech - Web Design, Hosting & Computer Tech
> http://imptech.net
> rune@imptech.net
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by RuneImp <ru...@imptech.net>.

Then why is this

# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .your_domain.com
#</Location>

part of the default httpd.conf file?


-=- RuneImp
ImpTech - Web Design, Hosting & Computer Tech
http://imptech.net
rune@imptech.net


----- Original Message ----- 
From: "Owen Boyle" <ob...@bourse.ch>
To: <us...@httpd.apache.org>
Sent: Thursday, December 13, 2001 5:00 AM
Subject: Re: /server-status


RuneImp wrote:
> 
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden

The problem is that "Allow" and other mod_access directives don't work
in a <Location> container. They only have context in <Directory> or
.htaccess.

Whenever you get "ignored" directives, it is always a good idea to check
the context for the directive in the docs..

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: /server-status

Posted by Owen Boyle <ob...@bourse.ch>.

RuneImp wrote:
> 
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden

The problem is that "Allow" and other mod_access directives don't work
in a <Location> container. They only have context in <Directory> or
.htaccess.

Whenever you get "ignored" directives, it is always a good idea to check
the context for the directive in the docs..

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: /server-status

Posted by Andrew Braund <ab...@mail.com>.

Where are you trying to access this from? The server box?
If so you may need to add 127.0.0.1.
If some other box then you will need the name or IP address of that
box.
I use the following to give me access from any
machine on my small LAN;
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/255.255.255.0
</Location>

HTH
Andrew Braund

> -----Original Message-----
> From: RuneImp [mailto:rune@imptech.net]
> Sent: Thursday, 13 December 2001 21:25
> To: Apache List
> Subject: /server-status
> 
> 
> I'm trying to setup the /server-status & /server-info pages
> so that they are only viewable like this:
> http://admin.imptech.net/server-status
> 
> I reviewed the Allow, Deny & Order directives in the Apache
> Manual & from what they say the following should work.
> 
> <Location /server-status>
>     SetHandler server-status
>     Order Deny,Allow
>     Deny from all
>     Allow from admin.imptech.net
> </Location>
> 
> But each time I get:
> 
> 403 Forbidden
> 
> Forbidden
> You don't have permission to access /server-status on this server.
> 
> 
> ------------------------------------------------------------------
> 
> Apache/1.3.22 Server at admin.imptech.net Port 80
> 
> 
> I've played around with it reversing the Order & different things.
> But essentially unless I allow access to all domains by either
> setting "Allow from all" or setting something like "Deny from blah"
> (which is garbage & just ignores the denial of anything) I get the
> forbidden message.
> 
> 
> -=- RuneImp
> ImpTech - Web Design, Hosting & Computer Tech
> http://imptech.net
> rune@imptech.net
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org