does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server? On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy <bluethundr at gmail.com> wrote: > Ok lets' try this again. I set the following in httpd.conf: > > <Location /server-status> > SetHandler server-status > Order deny,allow > Deny from all > Allow from 127.0.0.1 10.10.1.160 > </Location> > > I bounce apache. > > I verify the IP information is correct: > > [root at webhosta apache2]# ifconfig | grep inet > inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 > inet addr:127.0.0.1 Mask:255.0.0.0 > > Then if I try a GET on that IP using hostname -i > > [root at webhosta apache2]# GET http://$(hostname -i)/server-status > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>403 Forbidden</title> > </head><body> > <h1>Forbidden</h1> > <p>You don't have permission to access /server-status > on this server.</p> > <hr> > <address>Apache Server at 10.10.1.160 Port 80</address> > </body></html> > > OR if I try a GET with the actual IP, I get the following: > > [root at webhosta apache2]# GET http://10.10.1.160/server-status > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>403 Forbidden</title> > </head><body> > <h1>Forbidden</h1> > <p>You don't have permission to access /server-status > on this server.</p> > <hr> > <address>Apache Server at 10.10.1.160 Port 80</address> > </body></html> > > > Any further thoughts? > > Thanks > > > > On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy <sjt5atra at gmail.com> wrote: > > > 10.10.160 != 10.10.1.160 > > the GET is probably going across ethx interface instead of lo interface. > > > > > > On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy <bluethundr at gmail.com> wrote: > > > > > Hey all, > > > > > > I'm having a slightly weird issue with apache server-status on just one > > of > > > my nodes. > > > > > > In my httpd.conf I have the following: > > > > > > <Location /server-status> > > > > > > SetHandler server-status > > > > > > Order deny,allow > > > > > > Deny from all > > > > > > Allow from 127.0.0.1 10.10.160 > > > > > > </Location> > > > > > > If I do a ps grep I know that I'm using the right config: > > > > > > [root at webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 > > > > > > root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd > -k > > > start > > > > > > apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd > -k > > > start > > > > > > apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd > -k > > > start > > > > > > apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd > -k > > > start > > > > > > apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd > -k > > > start > > > > > > > > > And if I check apachectl -S things look ok there too. I can also see > I'm > > > using the right config: > > > > > > [root at webhosta apache2]# /opt/apache2/bin/httpd -S > > > > > > VirtualHost configuration: > > > > > > wildcard NameVirtualHosts and _default_ servers: > > > > > > *:* is a NameVirtualHost > > > > > > default server test.mydomain.com > > > (/opt/apache2/conf.d/z001_mydomain.conf:1) > > > > > > port * namevhost test.mydomain.com > > > (/opt/apache2/conf.d/z001_mydomain.conf:1) > > > > > > port * namevhost webhosta.dmz.domain.com > > > (/opt/apache2/conf/httpd.conf:469) > > > > > > port * namevhost webhosta.dmz.domain.com > > > (/opt/apache2/conf/httpd.conf:480) > > > > > > port * namevhost hcphp.nbc.com > > (/opt/apache2/conf/httpd.conf:501) > > > > > > Syntax OK > > > > > > > > > Yet, for some reason I get permission denied when I try to do a get > from > > > localhost: > > > > > > > > > [root at webhosta apache2]# GET http://$(hostname -i)/server-status > > > > > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > > > > > <html><head> > > > > > > <title>403 Forbidden</title> > > > > > > </head><body> > > > > > > <h1>Forbidden</h1> > > > > > > <p>You don't have permission to access /server-status > > > > > > on this server.</p> > > > > > > <hr> > > > > > > <address>Apache Server at 10.10.1.160 Port 80</address> > > > > > > </body></html> > > > > > > > > > I can do a successful GET to 127.0.0.1, but our system is automated and > > > relies on doing a GET to the value of hostname -i. > > > > > > > > > Does anyone have any ideas or suggestions as to what could be wrong? > > > > > > > > > Thanks > > > > > > Tim > > > > > > > > > > > > > > > -- > > > GPG me!! > > > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > > _______________________________________________ > > > CentOS mailing list > > > CentOS at centos.org > > > http://lists.centos.org/mailman/listinfo/centos > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >