Apache’s Built in Server-Status Screen
avatar

Apache has a built in server-status screen.  This gives you a run down of what is going on with your apache server.  This can be very useful but it can also be dangerous if the wrong person was able to view it.  As long as you setup this ability correctly you can limit who can view the page.

The first thing to do is to make sure mod_status is enable on your server.  To do this you need to edit your httpd.conf file and make sure you have the following line:

LoadModule status_module modules/mod_status.so

The next thing you need to do is add the configuration to turn on the module, you can add this to your httpd.conf file or by going into your conf.d directory and added a file there with a .conf extention:

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>

This will allow you to only access the Apache server-status page by going to “http://<url or ip of your server>/server-status”.  Leaving the settings the way they are above you would only be able to view the server-status page on the machine itself.  If you wanted you could add in another IP address by either changing the Allow line or adding a second one like the example below.

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1.2
</Location>

This entry was posted in Apache, Guides. Bookmark the permalink.

Leave a Reply