[CentOS] apache server-status permission denied

Tue Jun 10 02:44:39 UTC 2014
Tim Dunphy <bluethundr at gmail.com>

Ok lets' try this again. I set the following in httpd.conf:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 10.10.1.160
</Location>

I bounce apache.

I verify the IP information is correct:

[root at webhosta apache2]# ifconfig | grep inet
          inet addr:10.10.1.160  Bcast:10.10.1.255  Mask:255.255.254.0
          inet addr:127.0.0.1  Mask:255.0.0.0

Then if I try a GET on that IP using hostname -i

[root at webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>

OR if I try a GET with the actual IP, I get the following:

[root at webhosta apache2]# GET http://10.10.1.160/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>


Any further thoughts?

Thanks



On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy <sjt5atra at gmail.com> wrote:

> 10.10.160 != 10.10.1.160
> the GET is probably going across ethx interface instead of lo interface.
>
>
> On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
>
> > Hey all,
> >
> > I'm having a slightly weird issue with apache server-status on just one
> of
> > my nodes.
> >
> > In my httpd.conf I have the following:
> >
> > <Location /server-status>
> >
> >     SetHandler server-status
> >
> >     Order deny,allow
> >
> >     Deny from all
> >
> >     Allow from 127.0.0.1 10.10.160
> >
> > </Location>
> >
> > If I do a ps grep I know that I'm using the right config:
> >
> > [root at webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
> >
> > root     28359     1  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> > start
> >
> > apache   28360 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> > start
> >
> > apache   28361 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> > start
> >
> > apache   28362 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> > start
> >
> > apache   28363 28359  0 21:38 ?        00:00:00 /opt/apache2/bin/httpd -k
> > start
> >
> >
> > And if I check apachectl -S things look ok there too. I can also see I'm
> > using the right config:
> >
> > [root at webhosta apache2]# /opt/apache2/bin/httpd -S
> >
> > VirtualHost configuration:
> >
> > wildcard NameVirtualHosts and _default_ servers:
> >
> > *:*                    is a NameVirtualHost
> >
> >          default server test.mydomain.com
> > (/opt/apache2/conf.d/z001_mydomain.conf:1)
> >
> >          port * namevhost test.mydomain.com
> > (/opt/apache2/conf.d/z001_mydomain.conf:1)
> >
> >          port * namevhost webhosta.dmz.domain.com
> > (/opt/apache2/conf/httpd.conf:469)
> >
> >          port * namevhost webhosta.dmz.domain.com
> > (/opt/apache2/conf/httpd.conf:480)
> >
> >          port * namevhost hcphp.nbc.com
> (/opt/apache2/conf/httpd.conf:501)
> >
> > Syntax OK
> >
> >
> > Yet, for some reason I get permission denied when I try to do a get from
> > localhost:
> >
> >
> > [root at webhosta apache2]# GET http://$(hostname -i)/server-status
> >
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> >
> > <html><head>
> >
> > <title>403 Forbidden</title>
> >
> > </head><body>
> >
> > <h1>Forbidden</h1>
> >
> > <p>You don't have permission to access /server-status
> >
> > on this server.</p>
> >
> > <hr>
> >
> > <address>Apache Server at 10.10.1.160 Port 80</address>
> >
> > </body></html>
> >
> >
> > I can do a successful GET to 127.0.0.1, but our system is automated and
> > relies on doing a GET to the value of hostname -i.
> >
> >
> > Does anyone have any ideas or suggestions as to what could be wrong?
> >
> >
> > Thanks
> >
> > Tim
> >
> >
> >
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B