httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49794] New: Denied access to mod_status displays wrong directory access
Date Sat, 21 Aug 2010 09:18:20 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49794

           Summary: Denied access to mod_status displays wrong directory
                    access
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: mod_status
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: thomas@preissler.co.uk


I enabled mod_status with

<Location /server-status>

     <IfModule mod_security2.c>
         SecRuleEngine Off
     </IfModule>

    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from localhost ip6-localhost
#    Allow from all
#    Allow from .example.com
</Location>

accessing it from localhost gives me a 403, Access Denied. When I look in the
global Apache error.log /var/log/apache2/error.log I see

[Fri Aug 20 23:11:55 2010] [error] [client 127.0.0.1] client denied by server
configuration: /htdocs

/htdocs is wrong, doesnt exist at all. And I am only accessing mod_status with

lynx http://localhost/server-status?auto

(with or without the "auto", doesnt make a difference).

I do have ModSecurity 2.5 enabled, but I get the same when I put it into
DetectionOnly. It is also disabled completely as you can see above.

When I add "127.0.0.1 ::1" to the Allow above it works fine, and that
particular display error is gone.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message