httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Quinn <br...@az511.com>
Subject Re: [users@httpd] server-status / server-info protection
Date Wed, 14 Jul 2004 19:37:50 GMT
you need to change you access list.  The way they are read is Top to 
Bottom, the first match it finds it stops.  You are doing a Deny from ALL, 
so it finds that line, then doesn't move on.  You need your allow line first.

Brian



At 12:27 PM 7/14/2004, you wrote:
>Im trying to restrict my server-info and server-status pages to localhost 
>only using the following lines:
>
><Location /server-info>
>      SetHandler server-info
>      Order Deny,Allow
>      Deny from all
>      Allow from 127.0.0.1
></Location>
><Location /server-status>
>      SetHandler server-status
>      Order Deny,Allow
>      Deny from all
>      Allow from 127.0.0.1
></Location>
>
>The problem is that for some reason, I can still access these pages from 
>outside localhost. Are these lines correct/all that I need?
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message