httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon <ad...@thelight.org.uk>
Subject Re: [users@httpd] server-status / server-info protection
Date Thu, 15 Jul 2004 12:11:06 GMT
Joshua Slive wrote:

> On Wed, 14 Jul 2004 20:27:27 +0100, Simon <admin@thelight.org.uk> wrote:
> 
>>Im trying to restrict my server-info and server-status pages to
>>localhost only using the following lines:
>>
>><Location /server-info>
>>      SetHandler server-info
>>      Order Deny,Allow
>>      Deny from all
>>      Allow from 127.0.0.1
>></Location>
>><Location /server-status>
>>      SetHandler server-status
>>      Order Deny,Allow
>>      Deny from all
>>      Allow from 127.0.0.1
>></Location>
>>
>>The problem is that for some reason, I can still access these pages from
>>outside localhost. Are these lines correct/all that I need?
> 
> 
> Yes, they are correct.
> 
> Are you sure you are editting the right config file?
> 
> Have you restarted the server after making changes?
> 
> Are there any other <Location> sections that might be overriding these ones?
> 
> Are client requests really arriving from outside, or do you have a
> proxy on your local computer that is forwarding to apache?  (For
> example, on Mac OSX, all requests look like they come from localhost
> because of a local proxy.)
> 
> Joshua.
> 

Thanks. It was being over-ridden by another <Location> section later in 
the config file. Moving the server-status/server-info <Location> 
elements to underneath the other <Location> section solved the problem.

Mime
View raw message