Apache – Fix Forbidden (403) When Accessing Server-Status

apache-2.2http-status-code-403virtualhost

I'm getting Forbidden error when trying to access www.website.com/server-status

mod_status is enabled

The VirtualHost:

<VirtualHost *:8080>
   ServerName  website.com
   ServerAlias www.website.com
   DocumentRoot /var/www/wordpress/
   DirectoryIndex index.php
   <Directory /var/www/wordpress/>
      AllowOverride All
      Order Deny,Allow
      Allow from all
      Options +Indexes
   </Directory>

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .website.com
</Location>

   ErrorLog /var/www/wordpress/logs/error.log
   CustomLog /var/www/wordpress/logs/access.log combined
</VirtualHost>

I've tried to change Allow from .website.com to the website IP and same issue occurs.
When I try to change it to Allow from all I get a 404.

Another try I've made was setting allow from 127.0.0.1 and accessing via lynx from within the server, same issue pretty much.

Here is the error received in the error.log:

[error] [client 127.0.0.1] client denied by server configuration: /var/www/wordpress/server-status

Furthermore, I've disabled status.conf location override to make sure the only server-status definition will be in the VirtualHost. Setting the server-status location in apache.conf provide with same results.

Any idea what am I missing?

I've tried assisting the following resources which none provided me with a solution:

  1. Apache Module mod_status
  2. Apache server-status 403 at
    non-standard port
  3. Apachelounge post

Thanks

Best Answer

The Allow from line doesn't have to do with your website. Allow from allows people with a specified IP address (or domain name that resolves to an IP) to access your website.

So if your home has an IP address of 2.2.2.2, you would put allow from 2.2.2.2 and NOT allow from yourownwebsite.com.

That should fix your 403 (forbidden), although I realize you said you tried changing that to 127.0.0.1, and accessing it directly from the server. Have you tried changing 127.0.0.1 to localhost?

Now, regarding the 404. That's a different issue entirely. That's a "Not Found" error, and not a "forbidden" error.

VirtualHost containers, by default, aren't really meant to be used with mod_status. It simply will not work. According to this website, you have 2 options:

  1. Make the server listen on an alternative port (such as 8080)
  2. Change the asterisk in <VirtualHost *:80> to your server's public IP address - then, you can access the server-status only from localhost / 127.0.0.1
Related Topic