httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] server-status / server-info protection
Date Wed, 14 Jul 2004 19:39:43 GMT
On Wed, 14 Jul 2004 20:27:27 +0100, Simon <admin@thelight.org.uk> wrote:
> Im trying to restrict my server-info and server-status pages to
> localhost only using the following lines:
> 
> <Location /server-info>
>       SetHandler server-info
>       Order Deny,Allow
>       Deny from all
>       Allow from 127.0.0.1
> </Location>
> <Location /server-status>
>       SetHandler server-status
>       Order Deny,Allow
>       Deny from all
>       Allow from 127.0.0.1
> </Location>
> 
> The problem is that for some reason, I can still access these pages from
> outside localhost. Are these lines correct/all that I need?

Yes, they are correct.

Are you sure you are editting the right config file?

Have you restarted the server after making changes?

Are there any other <Location> sections that might be overriding these ones?

Are client requests really arriving from outside, or do you have a
proxy on your local computer that is forwarding to apache?  (For
example, on Mac OSX, all requests look like they come from localhost
because of a local proxy.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message