3

I'm getting Forbidden error when trying to access www.website.com/server-status

mod_status is enabled

The VirtualHost:

<VirtualHost *:8080>
   ServerName  website.com
   ServerAlias www.website.com
   DocumentRoot /var/www/wordpress/
   DirectoryIndex index.php
   <Directory /var/www/wordpress/>
      AllowOverride All
      Order Deny,Allow
      Allow from all
      Options +Indexes
   </Directory>

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .website.com
</Location>

   ErrorLog /var/www/wordpress/logs/error.log
   CustomLog /var/www/wordpress/logs/access.log combined
</VirtualHost>

I've tried to change Allow from .website.com to the website IP and same issue occurs. When I try to change it to Allow from all I get a 404.

Another try I've made was setting allow from 127.0.0.1 and accessing via lynx from within the server, same issue pretty much.

Here is the error received in the error.log:

[error] [client 127.0.0.1] client denied by server configuration: /var/www/wordpress/server-status

Furthermore, I've disabled status.conf location override to make sure the only server-status definition will be in the VirtualHost. Setting the server-status location in apache.conf provide with same results.

Any idea what am I missing?

I've tried assisting the following resources which none provided me with a solution:

  1. Apache Module mod_status
  2. Apache server-status 403 at non-standard port
  3. Apachelounge post

Thanks

Community
  • 1
Shahar Galukman
  • 217

3 Answers3

4

The Allow from line doesn't have to do with your website. Allow from allows people with a specified IP address (or domain name that resolves to an IP) to access your website.

So if your home has an IP address of 2.2.2.2, you would put allow from 2.2.2.2 and NOT allow from yourownwebsite.com.

That should fix your 403 (forbidden), although I realize you said you tried changing that to 127.0.0.1, and accessing it directly from the server. Have you tried changing 127.0.0.1 to localhost?

Now, regarding the 404. That's a different issue entirely. That's a "Not Found" error, and not a "forbidden" error.

VirtualHost containers, by default, aren't really meant to be used with mod_status. It simply will not work. According to this website, you have 2 options:

  1. Make the server listen on an alternative port (such as 8080)
  2. Change the asterisk in <VirtualHost *:80> to your server's public IP address - then, you can access the server-status only from localhost / 127.0.0.1
Cedric Knight
  • 1,158
David W
  • 3,557
3

Check if you have the right VirtualHost configuration. You can try to create VirtualHost config for 127.0.0.1, like this:

<VirtualHost *:80>
    ServerAdmin superadmin@somemail.com
    ServerName 127.0.0.1
    DocumentRoot /var/www
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www>
      Options +FollowSymLinks
      AllowOverride None
      order allow,deny
      allow from all

&lt;/Directory&gt;




</VirtualHost>

Found it here

smonff
  • 346
druss
  • 191
0

I dont know much about WordPress, but if it is anything like Laravel, Magento, or just about any other web software that runs on Apache, there is a .htaccess file that is located in the root directory, a simple example from https://codex.wordpress.org/htaccess is right here:

 # BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I would bet real money that if you change 

AllowOverrides All

to

AllowOverrides None

the page shows up, however to me the conflation of the .htaccess file and and the httpd.conf, along with the God awful mess that is all the conf files of Apache, I choose to attend to this in a different way.

I choose to change the .htaccess file from what is show above for example to:

 # BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} /server-status
    RewriteRule ".?" "-" [S=1]
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress

this will cause the RewriteCond to match the endpoint uri, and then have the RewriteRule skip over the controlling rule that rewrites all endpoints to index.php so the wordpress engine can work with dynamic urls.

There maybe a simpler way, but I would have my http.conf as so:

<VirtualHost *:8080>
    ServerName  website.com
    ServerAlias www.website.com
    DocumentRoot /var/www/wordpress/
    DirectoryIndex index.php
    <Directory /var/www/wordpress/>
        AllowOverride All
        Order Deny,Allow
        Allow from all
        Options +Indexes
    </Directory>
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/24
    </Location>
    ErrorLog /var/www/wordpress/logs/error.log
    CustomLog /var/www/wordpress/logs/access.log combined
</VirtualHost>

some follow up reading?

https://httpd.apache.org/docs/2.2/en/mod/mod_rewrite.html

https://httpd.apache.org/docs/2.2/howto/htaccess.html

Chris
  • 191