On 21.06.2010 14:40, Jim Jagielski wrote:
> There have been a few reports regarding how server-status "leaks"
> info, mostly about our (the ASF's) open use of server-status and
> how IP addresses are exposed.
> I'm thinking about a patch that adjusts server-status/mod_status
> to have a "public vs. private" setting... Public would be to
> have IP addresses exposed as public info; private would be to
> not expose 'em (keep 'em private).
> Comments?
Seems necessary according to privacy laws in various countries.
What about the request URL and the VHost name? Neither is necessarily
publicly known information, i.e. you could "leak" which URLs and
VHosts exist. More of a security than a privacy issue, though.
Finally, an attacker can derive the MPM sizing and check the
effectiveness of DoS attacks from the server status, but I guess admins
afraid of that will never (publicly) enable the server status.
So IMHO: w.r.t. privacy, removing the client IP is good and might even
be necessary for admins who only want to provide the server status to a
restricted group of users.
Optionally removing VHost and URL might allow more admins to make the
server status available to an even bigger group of people, but if there
are only two choices, full data and restricted data, I would prefer them
to be still shown even in the restricted mode.
Regards,
Rainer
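The exposure discussed in this thread comes from the per-worker table that mod_status only renders with ExtendedStatus On. The three configurations below are an added example, not from the thread or from any httpd patch; they assume httpd 2.4 "Require" syntax, mod_status loaded, and a constructed admin network range. Use one of them, not all three.

```apache
# Added example: three ways to configure /server-status (pick one).
# Assumes httpd 2.4 access-control syntax; 10.0.0.0/8 is a constructed
# placeholder for an admin network.

# 1) Weak: the full per-worker table (client IP, VHost, request URL,
#    MPM slot usage) is readable by anyone who can reach the server.
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>

# 2) Restricted: the same detail, but only for a restricted group
#    (here an address range; "Require valid-user" with auth also works).
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
    Require ip 10.0.0.0/8
</Location>

# 3) Public: ExtendedStatus Off drops the per-worker table entirely,
#    so no client IPs, VHost names or request URLs are shown; only the
#    scoreboard summary remains. Note that ExtendedStatus is server-wide,
#    so it cannot be toggled per Location.
ExtendedStatus Off
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>
```

Even configuration 3 still reveals the scoreboard (worker counts and states), which is the MPM-sizing information mentioned above; if that matters, only configuration 2 helps.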