On 6/21/2010 7:40 AM, Jim Jagielski wrote:
> There have been a few reports regarding how server-status "leaks"
> info, mostly about our (the ASF's) open use of server-status and
> how IP addresses are exposed.
>
> I'm thinking about a patch that adjusts server-status/mod_status
> to have a "public vs. private" setting... Public would be to
> have IP addresses exposed as public info; private would be to
> not expose 'em (keep 'em private).
>
> Comments?

Sounds sensible, but it becomes a problem to distinguish clients. What about 8 or 9 digits of a sha1 hash on the client (e.g. something that would look a bit like a mac), purely invented and truncated to allow the admin to see patterns in who is accessing the machine?
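
The truncated-hash idea from the reply above, sketched as an added example that is not part of the original message or of mod_status. Keying the hash with a per-server secret (HMAC-SHA1 rather than bare SHA-1) is an assumption added here, since a bare hash of an IPv4 address can be recomputed for every possible address; the function names and sample rows are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter

# Assumption: a random per-server key (not in the original post), so a token
# cannot be recomputed by hashing every possible IPv4 address.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample rows shaped like (client, vhost, request).
SAMPLE_ROWS = [
    ("192.0.2.10", "www.example.org", "GET / HTTP/1.1"),
    ("192.0.2.10", "www.example.org", "GET /docs/ HTTP/1.1"),
    ("::ffff:192.0.2.10", "www.example.org", "GET /favicon.ico HTTP/1.1"),
    ("198.51.100.7", "www.example.org", "GET / HTTP/1.1"),
    ("2001:db8::1", "www.example.org", "POST /form HTTP/1.1"),
]


def client_token(ip, key=SERVER_KEY, digits=8):
    """Return a MAC-looking token: truncated HMAC-SHA1 of the client address."""
    addr = ipaddress.ip_address(ip)
    # Treat an IPv4-mapped IPv6 address as the same client as its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    digest = hmac.new(key, addr.packed, hashlib.sha1).hexdigest()[:digits]
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def redact_rows(rows, key=SERVER_KEY):
    """Swap the client column for its token; other columns are unchanged."""
    return [(client_token(ip, key), vhost, req) for ip, vhost, req in rows]


def busiest_client(rows, key=SERVER_KEY):
    """Return (token, hits) for the most frequent client in redacted rows."""
    counts = Counter(token for token, _, _ in redact_rows(rows, key))
    return counts.most_common(1)[0]


if __name__ == "__main__":
    for row in redact_rows(SAMPLE_ROWS):
        print("  ".join(row))
    print("busiest:", busiest_client(SAMPLE_ROWS))
```

Because the key is generated at start-up, tokens stay stable within one server run, which is enough to spot patterns on a status page, and change after a restart.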
