Ping a Specific Port

Question

Kzqai

Asked: 2014-09-19 13:29:36 +0800 CST2014-09-19 13:29:36 +0800 CST 2014-09-19 13:29:36 +0800 CST

Tried to deny access to apache /server-status module with certain exceptions, but it became exposed everywhere

772

I turned on apache's server status module and intended it to be readable only from my own ip or when browsing via the lynx text browser sshed in to the the server itself. Unfortunately it turns out that I was able to read the details at the /server-status url from other ips, and apparently any public ip in general.

Yet when I look at the allow/deny stack, it seems right to me. I tried to deny from all first, and only allow from a few specific locations second. What did I do wrong? Here is my httpd.conf

# Uncomment the following lines to enable mod_status support:
#
ExtendedStatus On


# ServerTokens Prod
# Already set in the conf.d/security
#Don't reveal server apache or debian details.

<Location /server-status>
SetHandler server-status

Order Deny,Allow
Deny from all
Allow from localhost, bitlucid.com, 184.106.129.190, 67.247.170.88, 72.230.178.92
</Location>

1 Answers

Voted

wurtel · Answer 1 · 2014-09-19T23:13:55+08:00

Best Answer

wurtel

2014-09-19T23:13:55+08:002014-09-19T23:13:55+08:00

Get rid of the commas in the "Allow from" line, those are not allowed and may cause this.

2

Tried to deny access to apache /server-status module with certain exceptions, but it became exposed everywhere

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?