-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
> I'm thinking about a patch that adjusts server-status/mod_status > to have a "public vs. private" setting... Public would be to > have IP addresses exposed as public info; private would be to > not expose 'em (keep 'em private). > > Comments? Just as a hint: i posted a patch about two weeks ago, that enables a (sort of) privacy setting for the server-status. The patch adds a new directive (ServerStatusHandlerName <string>) and enables the admin to customize the handlername for the mod_status module. That way, other users (in a shared hosting enviroment), can not simply use "SetHandler server-status" in their htaccess-files anymore. For us that does the trick. - From my experience, no admin (knowingly) makes the server-status available to the public (and of course shouldnt). It should be used by admins to view the servers current load, child status, remote ips and for example to investigate in heavy-load situations (etc.). What point does a server-status have, if i cant see the remote ip (and for example roughly sum them up), use the requested url shown to reproduce some sort of error or see the status of the current apache childs and realize, that too many are in WAIT? - From my point of view, renaming/customizing the handler is sufficient and my patch already does that :-). regards volker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwgZCQACgkQHaTGAGocg2KtFQCfaWzucPVij8bgZmdvx8uSYJJu TKAAn3kQmxcgOXBo5tJk2yrhOV9rmNbj =mjjR -----END PGP SIGNATURE-----
