Activating server-status, what I didn’t realize

Turning on server-status (and server-inf0) lets you keep an eye on your Apache server’s activity, etc. The docs I ran across said simply to enable:

LoadModule status_module libexec/apache2/mod_status.so

But that’s not the whole story. You’ve also got to add some directives to httpd.conf:

ExtendedStatus On

“ExtendedStatus” is optional, but it provides more info. The next part is required:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    #Allow from all
    Deny from all
    Allow from 209.50.129.0/26 #autsys
</Location>

This instructs Apache to respond to /server-status by generating… the server status! You might want to change the location to something more opaque (like: s-stat) if you are worried about snoopers.

You can also get a lot of information by activating server-info:

# Added by MRS 2010MAR19
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 209.50.129.0/26 #autsys
</Location>

Notice also the aggressive permissions: start by denying all access and then allowing only your IP address or address range. If you don’t have a fixed IP address, you maybe shouldn’t be doing this, eh?

google_pluslinkedingoogle_pluslinkedinby feather

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.