[CentOS] apache server-status permission denied

Tue Jun 10 02:23:43 UTC 2014
Steven Tardy <sjt5atra at gmail.com>

10.10.160 != 10.10.1.160
the GET is probably going across ethx interface instead of lo interface.


On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy <bluethundr at gmail.com> wrote:

> Hey all,
>
> I'm having a slightly weird issue with apache server-status on just one of
> my nodes.
>
> In my httpd.conf I have the following:
>
> <Location /server-status>
>
>     SetHandler server-status
>
>     Order deny,allow
>
>     Deny from all
>
>     Allow from 127.0.0.1 10.10.160
>
> </Location>
>
> If I do a ps grep I know that I'm using the right config:
>
> [root at webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
>
> root     28359     1  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> start
>
> apache   28360 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> start
>
> apache   28361 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> start
>
> apache   28362 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> start
>
> apache   28363 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> start
>
>
> And if I check apachectl -S things look ok there too. I can also see I'm
> using the right config:
>
> [root at webhosta apache2]# /opt/apache2/bin/httpd -S
>
> VirtualHost configuration:
>
> wildcard NameVirtualHosts and _default_ servers:
>
> *:*                    is a NameVirtualHost
>
>          default server test.mydomain.com
> (/opt/apache2/conf.d/z001_mydomain.conf:1)
>
>          port * namevhost test.mydomain.com
> (/opt/apache2/conf.d/z001_mydomain.conf:1)
>
>          port * namevhost webhosta.dmz.domain.com
> (/opt/apache2/conf/httpd.conf:469)
>
>          port * namevhost webhosta.dmz.domain.com
> (/opt/apache2/conf/httpd.conf:480)
>
>          port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)
>
> Syntax OK
>
>
> Yet, for some reason I get permission denied when I try to do a get from
> localhost:
>
>
> [root at webhosta apache2]# GET http://$(hostname -i)/server-status
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>
> <html><head>
>
> <title>403 Forbidden</title>
>
> </head><body>
>
> <h1>Forbidden</h1>
>
> <p>You don't have permission to access /server-status
>
> on this server.</p>
>
> <hr>
>
> <address>Apache Server at 10.10.1.160 Port 80</address>
>
> </body></html>
>
>
> I can do a successful GET to 127.0.0.1, but our system is automated and
> relies on doing a GET to the value of hostname -i.
>
>
> Does anyone have any ideas or suggestions as to what could be wrong?
>
>
> Thanks
>
> Tim
>
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>