[CentOS] apache server-status permission denied

Tue Jun 10 01:56:41 UTC 2014
Tim Dunphy <bluethundr at gmail.com>

Hey all,

I'm having a slightly weird issue with apache server-status on just one of
my nodes.

In my httpd.conf I have the following:

<Location /server-status>

    SetHandler server-status

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1 10.10.160

</Location>

If I do a ps grep I know that I'm using the right config:

[root at webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5

root     28359     1  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
start

apache   28360 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
start

apache   28361 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
start

apache   28362 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
start

apache   28363 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
start


And if I check apachectl -S things look ok there too. I can also see I'm
using the right config:

[root at webhosta apache2]# /opt/apache2/bin/httpd -S

VirtualHost configuration:

wildcard NameVirtualHosts and _default_ servers:

*:*                    is a NameVirtualHost

         default server test.mydomain.com
(/opt/apache2/conf.d/z001_mydomain.conf:1)

         port * namevhost test.mydomain.com
(/opt/apache2/conf.d/z001_mydomain.conf:1)

         port * namevhost webhosta.dmz.domain.com
(/opt/apache2/conf/httpd.conf:469)

         port * namevhost webhosta.dmz.domain.com
(/opt/apache2/conf/httpd.conf:480)

         port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)

Syntax OK


Yet, for some reason I get permission denied when I try to do a get from
localhost:


[root at webhosta apache2]# GET http://$(hostname -i)/server-status

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access /server-status

on this server.</p>

<hr>

<address>Apache Server at 10.10.1.160 Port 80</address>

</body></html>


I can do a successful GET to 127.0.0.1, but our system is automated and
relies on doing a GET to the value of hostname -i.


Does anyone have any ideas or suggestions as to what could be wrong?


Thanks

Tim




-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B