Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 76862 invoked from network); 23 Jun 2010 15:49:36 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 23 Jun 2010 15:49:36 -0000 Received: (qmail 3804 invoked by uid 500); 23 Jun 2010 15:49:36 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 3729 invoked by uid 500); 23 Jun 2010 15:49:35 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 3720 invoked by uid 99); 23 Jun 2010 15:49:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jun 2010 15:49:35 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=10.0 tests=AWL,RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: 76.96.30.40 is neither permitted nor denied by domain of jim@jagunet.com) Received: from [76.96.30.40] (HELO qmta04.emeryville.ca.mail.comcast.net) (76.96.30.40) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jun 2010 15:49:27 +0000 Received: from omta08.emeryville.ca.mail.comcast.net ([76.96.30.12]) by qmta04.emeryville.ca.mail.comcast.net with comcast id ZQfo1e0050FhH24A4Tp7a0; Wed, 23 Jun 2010 15:49:07 +0000 Received: from [192.168.199.10] ([69.251.84.64]) by omta08.emeryville.ca.mail.comcast.net with comcast id ZTp51e00L1PGofZ8UTp69k; Wed, 23 Jun 2010 15:49:07 +0000 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Apple Message framework v1081) Subject: Re: server-status and privacy From: Jim Jagielski In-Reply-To: Date: Wed, 23 Jun 2010 11:49:04 -0400 Content-Transfer-Encoding: 7bit Message-Id: <47E0A91D-C86D-4B2C-9B72-EF9FFEC20618@jaguNET.com> References: To: dev@httpd.apache.org X-Mailer: Apple Mail (2.1081) On Jun 21, 2010, at 1:07 PM, Jeff Trawick wrote: > On Mon, Jun 21, 2010 at 8:40 AM, Jim Jagielski wrote: >> There have been a few reports regarding how server-status "leaks" >> info, mostly about our (the ASF's) open use of server-status and >> how IP addresses are exposed. >> >> I'm thinking about a patch that adjusts server-status/mod_status >> to have a "public vs. private" setting... Public would be to >> have IP addresses exposed as public info; private would be to >> not expose 'em (keep 'em private). > > use mod_sed or similar on apache.org to change the client IP address > field to "?" > True... so I'm guessing this means that the patch would be unacceptable?