httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: server-status and privacy
Date Mon, 21 Jun 2010 15:48:51 GMT
On 6/21/2010 7:40 AM, Jim Jagielski wrote:
> There have been a few reports regarding how server-status "leaks"
> info, mostly about our (the ASF's) open use of server-status and
> how IP addresses are exposed.
> I'm thinking about a patch that adjusts server-status/mod_status
> to have a "public vs. private" setting... Public would be to
> have IP addresses exposed as public info; private would be to
> not expose 'em (keep 'em private).
> Comments?

Sounds sensible, but it becomes a problem to distinguish clients.

What about 8 or 9 digits of a sha1 hash on the client (e.g. something
that would look a bit like a mac), purely invented and truncated to
allow the admin to see patterns in who is accessing the machine?

View raw message