httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gmx@schwicking.de" <...@schwicking.de>
Subject Re: server-status and privacy
Date Tue, 22 Jun 2010 07:20:13 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

> I'm thinking about a patch that adjusts server-status/mod_status
> to have a "public vs. private" setting... Public would be to
> have IP addresses exposed as public info; private would be to
> not expose 'em (keep 'em private).
>
> Comments?

Just as a hint: i posted a patch about two weeks ago, that enables a
(sort of) privacy setting for the server-status. The patch adds a new
directive (ServerStatusHandlerName <string>) and enables the admin to
customize the handlername for the mod_status module.

That way, other users (in a shared hosting enviroment), can not simply use

"SetHandler server-status"

in their htaccess-files anymore. For us that does the trick.

- From my experience, no admin (knowingly) makes the server-status
available to the public (and of course shouldnt). It should be used by
admins to view the servers current load, child status, remote ips and
for example to investigate in heavy-load situations (etc.).

What point does a server-status have, if i cant see the remote ip (and
for example roughly sum them up), use the requested url shown to
reproduce some sort of error or see the status of the current apache
childs and realize, that too many are in WAIT?

- From my point of view, renaming/customizing the handler is sufficient
and my patch already does that :-).

regards
volker







-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwgZCQACgkQHaTGAGocg2KtFQCfaWzucPVij8bgZmdvx8uSYJJu
TKAAn3kQmxcgOXBo5tJk2yrhOV9rmNbj
=mjjR
-----END PGP SIGNATURE-----

Mime
View raw message