https://issues.apache.org/bugzilla/show_bug.cgi?id=49794
Summary: Denied access to mod_status displays wrong directory
access
Product: Apache httpd-2
Version: 2.2.9
Platform: PC
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P2
Component: mod_status
AssignedTo: [email protected]
ReportedBy: [email protected]
I enabled mod_status with
<Location /server-status>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost
# Allow from all
# Allow from .example.com
</Location>
accessing it from localhost gives me a 403, Access Denied. When I look in the
global Apache error.log /var/log/apache2/error.log I see
[Fri Aug 20 23:11:55 2010] [error] [client 127.0.0.1] client denied by server
configuration: /htdocs
/htdocs is wrong, doesnt exist at all. And I am only accessing mod_status with
lynx http://localhost/server-status?auto
(with or without the "auto", doesnt make a difference).
I do have ModSecurity 2.5 enabled, but I get the same when I put it into
DetectionOnly. It is also disabled completely as you can see above.
When I add "127.0.0.1 ::1" to the Allow above it works fine, and that
particular display error is gone.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
