[CentOS] apache server-status permission denied
Tim Dunphy
bluethundr at gmail.com
Tue Jun 10 03:22:01 UTC 2014
Hi Steven,
Thanks for your reply.
No, there appears to be no difference there either. And I don't think
reverse DNS is set up on either host.
Tim
On Mon, Jun 9, 2014 at 11:03 PM, Steven Tardy <sjt5atra at gmail.com> wrote:
> does /etc/hosts (or DNS or reverse DNS) differ between working server and
> non-working server?
>
>
> On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
>
> > OK, let's try this again. I set the following in httpd.conf:
> >
> > <Location /server-status>
> > SetHandler server-status
> > Order deny,allow
> > Deny from all
> > Allow from 127.0.0.1 10.10.1.160
> > </Location>
> >
> > I bounce apache.
> >
> > I verify the IP information is correct:
> >
> > [root at webhosta apache2]# ifconfig | grep inet
> > inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0
> > inet addr:127.0.0.1 Mask:255.0.0.0
> >
> > Then if I try a GET on that IP using hostname -i
> >
> > [root at webhosta apache2]# GET http://$(hostname -i)/server-status
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <html><head>
> > <title>403 Forbidden</title>
> > </head><body>
> > <h1>Forbidden</h1>
> > <p>You don't have permission to access /server-status
> > on this server.</p>
> > <hr>
> > <address>Apache Server at 10.10.1.160 Port 80</address>
> > </body></html>
> >
> > OR if I try a GET with the actual IP, I get the following:
> >
> > [root at webhosta apache2]# GET http://10.10.1.160/server-status
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <html><head>
> > <title>403 Forbidden</title>
> > </head><body>
> > <h1>Forbidden</h1>
> > <p>You don't have permission to access /server-status
> > on this server.</p>
> > <hr>
> > <address>Apache Server at 10.10.1.160 Port 80</address>
> > </body></html>
> >
> >
> > Any further thoughts?
> >
> > Thanks
> >
> >
> >
> > On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy <sjt5atra at gmail.com> wrote:
> >
> > > 10.10.160 != 10.10.1.160
> > > the GET is probably going across ethx interface instead of lo interface.
> > >
> > >
> > > On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
> > >
> > > > Hey all,
> > > >
> > > > I'm having a slightly weird issue with apache server-status on just one of
> > > > my nodes.
> > > >
> > > > In my httpd.conf I have the following:
> > > >
> > > > <Location /server-status>
> > > > SetHandler server-status
> > > > Order deny,allow
> > > > Deny from all
> > > > Allow from 127.0.0.1 10.10.160
> > > > </Location>
> > > >
> > > > If I do a ps grep I know that I'm using the right config:
> > > >
> > > > [root at webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
> > > > root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
> > > > apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
> > > > apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
> > > > apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
> > > > apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
> > > >
> > > > And if I check apachectl -S things look ok there too. I can also see I'm
> > > > using the right config:
> > > >
> > > > [root at webhosta apache2]# /opt/apache2/bin/httpd -S
> > > > VirtualHost configuration:
> > > > wildcard NameVirtualHosts and _default_ servers:
> > > > *:* is a NameVirtualHost
> > > > default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1)
> > > > port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1)
> > > > port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469)
> > > > port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480)
> > > > port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)
> > > > Syntax OK
> > > >
> > > > Yet, for some reason I get permission denied when I try to do a get from
> > > > localhost:
> > > >
> > > > [root at webhosta apache2]# GET http://$(hostname -i)/server-status
> > > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > > > <html><head>
> > > > <title>403 Forbidden</title>
> > > > </head><body>
> > > > <h1>Forbidden</h1>
> > > > <p>You don't have permission to access /server-status
> > > > on this server.</p>
> > > > <hr>
> > > > <address>Apache Server at 10.10.1.160 Port 80</address>
> > > > </body></html>
> > > >
> > > > I can do a successful GET to 127.0.0.1, but our system is automated and
> > > > relies on doing a GET to the value of hostname -i.
> > > >
> > > > Does anyone have any ideas or suggestions as to what could be wrong?
> > > >
> > > > Thanks
> > > >
> > > > Tim
> > > >
> > > > --
> > > > GPG me!!
> > > >
> > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS at centos.org
> > > > http://lists.centos.org/mailman/listinfo/centos
> > > >
> > >
> >
> >
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> >
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
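
Added example (not part of the thread and not Apache's own code): a Python model of how an "Order deny,allow" / "Deny from all" / "Allow from ..." block treats the two Allow lists posted above, assuming Apache 2.2-style mod_authz_host matching, where a token of one to three octets is a subnet prefix. The function names and the client address 10.10.160.7 are constructed for illustration; host-name tokens and IPv6 are not modelled.

```python
import ipaddress

# Allow lists as posted in the thread (first message, then the retry).
ORIGINAL = ["127.0.0.1", "10.10.160"]
CORRECTED = ["127.0.0.1", "10.10.1.160"]


def allow_token_to_network(token):
    """Map one IPv4 'Allow from' token to the network it covers.

    Assumed semantics (Apache 2.2 mod_authz_host): full address, partial
    address of 1-3 octets (subnet prefix), network/netmask, or CIDR.
    """
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    octets = token.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("not an IPv4 Allow token: %r" % token)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def deny_allow(client_ip, allow_tokens):
    """Decision for 'Order deny,allow' + 'Deny from all' + the Allow list.

    Every client matches 'Deny from all', so the request is refused unless
    at least one Allow token also matches. Returns (decision, matches).
    """
    ip = ipaddress.ip_address(client_ip)
    matches = [t for t in allow_tokens if ip in allow_token_to_network(t)]
    return ("allow" if matches else "deny"), matches


if __name__ == "__main__":
    # 10.10.160.7 is a constructed address inside the mistyped prefix.
    for label, tokens in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for client in ("127.0.0.1", "10.10.1.160", "10.10.160.7"):
            decision, matches = deny_allow(client, tokens)
            print("%-9s %-12s %-5s %s" % (label, client, decision, matches))
```

With the original list the model refuses 10.10.1.160 and admits all of 10.10.160.0/24, which is worth checking for whenever an Allow token has fewer than four octets.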