Hi, I wanted to enable apache server-status through mod_status while running under ISPConfig. I needed that to show not just whether the acpache server was up, but also how long it was up. For this purpose I added the following directives to the site definition in sites-enabled and mod-enabled, but my output is ERROR 403 - Forbidden! this from sites-enabled/000-default.conf Code: <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf <Location /server-status> SetHandler server-status #Require local Order allow,deny Deny from all Allow from pangsix.pangandarankab.go.id #Require ip 192.168.203.99/24 #Allow from all </Location> </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet and this for mods-enabled/status.conf Code: <IfModule mod_status.c> # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. <Location /server-status> SetHandler my-server Require local #Require ip 192.0.2.0/24 #Require ip 192.168.203.99/24 </Location> # Keep track of extended status information for each request ExtendedStatus On # Determine if mod_status displays the first 63 characters of a request or # the last 63, assuming the request itself is greater than 63 chars. # Default: Off #SeeRequestTail On <Location /server-status> SetHandler server-status Order allow,deny Deny from all Allow from pangsix.pangandarankab.go.id #Require local #Require ip 192.168.203.99/24 #Allow from all </Location> <IfModule mod_proxy.c> # Show Proxy LoadBalancer status in mod_status ProxyStatus On </IfModule> </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
There are good reasons why this has require local or internal ips only. Do not expose yourself to any risk. It can be from harmless to risky data leaks if someone is able to connect to this, especially if query strings are used to pass sensitive informations. Or SeeRequestTail is used. Anyway, the apache error log would probably tell you, that you are trying to make a connection not matching any of the set requirements. But just to be sure, would be good to see the error.log entry. But just out of curiousity, Depending on your network. If you connect to the server and do a wget http://127.0.0.1/server-status with that directive, does it work? If you have old apache modules or compat mode enabled, sure enough, instead of Require use the old Allow/Deny but set the local ips and verify the vhost setting in works in general.
Thanks Sir for the respond, here the result from wget http://127.0.0.1/server-status Code: --2024-04-24 21:03:30-- http://127.0.0.1/server-status Connecting to 127.0.0.1:80... connected. HTTP request sent, awaiting response... 200 OK Length: 7404 (7.2K) [text/html] Saving to: ‘server-status’ server-status 100%[========================================================================================================================================>] 7.23K --.-KB/s in 0s 2024-04-24 21:03:30 (628 MB/s) - ‘server-status’ saved [7404/7404]
looking good. you could check the contents of your file either by using an editor or just $cat server-status no need for us to see really, it'd be obvious if it is the desired result or just another error or index page. So next thing for you would be to check the other request which ended up in an error 403 what IP apache is really seeing for that and allow this. Or stay with the local IP and use something like apache_exporter + prometheus + grafana
