https://issues.apache.org/bugzilla/show_bug.cgi?id=56697
Bug ID: 56697
Summary: status page still shown while blocked
Product: Apache httpd-2
Version: 2.2.25
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_status
Assignee: [email protected]
Reporter: [email protected]
On our server we are using mod_status and mod_env to limit the access to that
page.
While all traffic to the statuspage is blocked, except for the ip's whitelisted
using env=OK, the page is still accessible from the internet.
The strange thing is that at the first attempt the page can be visited by a
non-whitelisted ip but at a later attempt the page is blocked.
This is the configuration
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from env=ok
</Location>
We are trying to figure out what goes wrong here, the setup is two webservers
(with identical configuration) behind a loadbalancer, we are sure that both
servers have the same apache version and the behaviour is identical on both
machines.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
