You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/07/04 10:24:46 UTC

[Bug 56697] New: status page still shown while blocked

https://issues.apache.org/bugzilla/show_bug.cgi?id=56697

            Bug ID: 56697
           Summary: status page still shown while blocked
           Product: Apache httpd-2
           Version: 2.2.25
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_status
          Assignee: bugs@httpd.apache.org
          Reporter: jsip@mirabeau.nl

On our server we are using mod_status and mod_env to limit the access to that
page.

While all traffic to the statuspage is blocked, except for the ip's whitelisted
using env=OK, the page is still accessible from the internet.

The strange thing is that at the first attempt the page can be visited by a
non-whitelisted ip but at a later attempt the page is blocked.  

This is the configuration

<Location /server-status>
  SetHandler server-status
  Order Deny,Allow
  Deny from all
  Allow from env=ok
</Location>

We are trying to figure out what goes wrong here, the setup is two webservers
(with identical configuration) behind a loadbalancer, we are sure that both
servers have the same apache version and the behaviour is identical on both
machines.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org