Return-Path: Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 33936 invoked by uid 500); 10 Jul 2002 22:50:29 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 33925 invoked from network); 10 Jul 2002 22:50:28 -0000 Date: 10 Jul 2002 22:50:46 -0000 Message-ID: <20020710225046.22788.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Cc: Subject: DO NOT REPLY [Bug 10667] New: - server-status does not limit access using allow from/deny from X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10667 server-status does not limit access using allow from/deny from Summary: server-status does not limit access using allow from/deny from Product: Apache httpd-1.3 Version: 1.3.26 Platform: All OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Auth/Access AssignedTo: bugs@httpd.apache.org ReportedBy: scott@brynen.com CC: scott@brynen.com It would appear in one of the latest versions of httpd 1.3.26 (maybe earlier) someone broke the server-status access code. Despite having allow/deny froms (see below), /server-status is still readable by all (don't beleive me, try http://www.apache.org/server-status) SetHandler server-status order deny,allow Deny from all Allow from 192.168.0 Allow from 24.65.162.171 --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org