Protecting mod info & mod status

How do you password protect access to Apache modules?

         

ameyerson

2:05 pm on Jun 28, 2007 (gmt 0)

10+ Year Member



Hey Everyone,
If you enable Apache modules like mod_info and mod_status, they are open to the world.

Is there a way to password protect access to them?

Limiting access based on IP or domain is not an option.

Thanks..

jdMorgan

4:54 pm on Jun 28, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From the mod_info documentation [httpd.apache.org]:

Due to the way this module works there is no way to block information from it.

Information on password-protecting mod_status is available in the mod_status documentation [httpd.apache.org] itself.

Jim

slive

7:29 pm on Jun 28, 2007 (gmt 0)

10+ Year Member



That comment in the docs applies only to particular items displayed by mod_status.

You can still block mod_status entirely by placing auth/access directives inside the <Location> section where you activated it:

For example, see:
[svn.apache.org...]
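
The approach described in the reply above, auth directives placed inside the `<Location>` block that activates the handler, as an added example that is not part of the thread or of the linked Apache configuration. The password file path, realm name and user name are assumptions, and `SSLRequireSSL` assumes mod_ssl is loaded.

```apache
# Added example (not from the thread). Assumed names:
#   password file  /etc/apache2/.htpasswd-status
#   realm          "Server diagnostics"
#   user           admin
# Create the password file outside the document root:
#   htpasswd -c /etc/apache2/.htpasswd-status admin

# Open to the world, as the original post describes:
#   <Location /server-status>
#       SetHandler server-status
#   </Location>

# Password-protected mod_status page, with no IP or domain restriction
<Location /server-status>
    SetHandler server-status

    # Basic auth sends the password base64-encoded, not encrypted,
    # so refuse any request that did not arrive over TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Server diagnostics"
    AuthUserFile /etc/apache2/.htpasswd-status
    Require valid-user
</Location>

# The same wrapper around the mod_info handler
<Location /server-info>
    SetHandler server-info
    SSLRequireSSL
    AuthType Basic
    AuthName "Server diagnostics"
    AuthUserFile /etc/apache2/.htpasswd-status
    Require valid-user
</Location>
```

After reloading the server, an unauthenticated request to either URL over HTTPS should return 401, and a plain-HTTP request should be refused.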

ameyerson

12:36 am on Jun 29, 2007 (gmt 0)

10+ Year Member



Thanks for the replies. It appears that the only way to restrict access is to limit it based on the user's domain. I use it so infrequently that I will just disable.