2

I'm getting Forbidden error when trying to access www.website.com/server-status

mod_status is enabled

The VirtualHost:

<VirtualHost *:8080>
   ServerName  website.com
   ServerAlias www.website.com
   DocumentRoot /var/www/wordpress/
   DirectoryIndex index.php
   <Directory /var/www/wordpress/>
      AllowOverride All
      Order Deny,Allow
      Allow from all
      Options +Indexes
   </Directory>

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .website.com
</Location>

   ErrorLog /var/www/wordpress/logs/error.log
   CustomLog /var/www/wordpress/logs/access.log combined
</VirtualHost>

I've tried to change Allow from .website.com to the website IP and same issue occurs. When I try to change it to Allow from all I get a 404.

Another try I've made was setting allow from 127.0.0.1 and accessing via lynx from within the server, same issue pretty much.

Here is the error received in the error.log:

[error] [client 127.0.0.1] client denied by server configuration: /var/www/wordpress/server-status

Furthermore, I've disabled status.conf location override to make sure the only server-status definition will be in the VirtualHost. Setting the server-status location in apache.conf provide with same results.

Any idea what am I missing?

I've tried assisting the following resources which none provided me with a solution:

  1. Apache Module mod_status
  2. Apache server-status 403 at non-standard port
  3. Apachelounge post

Thanks

Community
  • 1
Shahar Galukman
  • 207
  • 1
  • 4
  • 11
  • If this helps anyone. Proved really useful to me :- https://axioman.tumblr.com/post/145549935091/403-access-forbidden-error-for-apache-server –  Jun 17 '16 at 06:54

3 Answers3

3

The Allow from line doesn't have to do with your website. Allow from allows people with a specified IP address (or domain name that resolves to an IP) to access your website.

So if your home has an IP address of 2.2.2.2, you would put allow from 2.2.2.2 and NOT allow from yourownwebsite.com.

That should fix your 403 (forbidden), although I realize you said you tried changing that to 127.0.0.1, and accessing it directly from the server. Have you tried changing 127.0.0.1 to localhost?

Now, regarding the 404. That's a different issue entirely. That's a "Not Found" error, and not a "forbidden" error.

VirtualHost containers, by default, aren't really meant to be used with mod_status. It simply will not work. According to this website, you have 2 options:

  1. Make the server listen on an alternative port (such as 8080)
  2. Change the asterisk in <VirtualHost *:80> to your server's public IP address - then, you can access the server-status only from localhost / 127.0.0.1
Cedric Knight
  • 1,098
  • 6
  • 20
David W
  • 3,405
  • 5
  • 34
  • 61
  • Thank you for your response David but I do need few clarifications: 1) By home ip address you mean the machine I use to access the website.com/server-status? if so then it doesn't solve the 403 issue. My try with changing to 127.0.0.1 also included the localhost attempt as well. 2) The 404 error occurs only when I tried using allow from all, though I prefer not using this and to define a specific domain/ip to access from. Either way as for your advice I've moved the server-status location definition to the apache.conf, yet still the 403 issue remains. – Shahar Galukman Nov 26 '14 at 11:43
  • 1) Yes - the machine you're connecting from. 2) The 403 is a permissions issue, and the 404 is a not found issue. It sounds to me like one is related to the other. Other than looking at the link I provided in my earlier answer, I don't have further advice. – David W Nov 27 '14 at 20:27
  • For the 404 error, see my answer here: https://serverfault.com/questions/291692/why-do-i-get-a-404-not-found-when-trying-to-get-server-status/648259?noredirect=1#comment1375397_648259 It's possible to get `server-status` working within a `VirtualHost`, and shouldn't be necessary to set up a new port or anything. However, you may want an auxiliary `VirtualHost` for server-status to administratively separate from the main site. I'll update the non-functional link so it points to an archived function. – Cedric Knight Mar 07 '21 at 12:52
2

Check if you have the right VirtualHost configuration. You can try to create VirtualHost config for 127.0.0.1, like this:

<VirtualHost *:80>
    ServerAdmin superadmin@somemail.com
    ServerName 127.0.0.1
    DocumentRoot /var/www
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www>
      Options +FollowSymLinks
      AllowOverride None
      order allow,deny
      allow from all

    </Directory>

</VirtualHost>

Found it here

smonff
  • 346
  • 2
  • 5
  • 15
druss
  • 141
  • 2
  • Thanks for this. I had this same VirtualHost problem where it simply doesn't work unless you have this setup first. – Josh Sep 29 '15 at 17:59
0

I dont know much about WordPress, but if it is anything like Laravel, Magento, or just about any other web software that runs on Apache, there is a .htaccess file that is located in the root directory, a simple example from https://codex.wordpress.org/htaccess is right here:

 # BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I would bet real money that if you change 

AllowOverrides All

to

AllowOverrides None

the page shows up, however to me the conflation of the .htaccess file and and the httpd.conf, along with the God awful mess that is all the conf files of Apache, I choose to attend to this in a different way.

I choose to change the .htaccess file from what is show above for example to:

 # BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} /server-status
    RewriteRule ".?" "-" [S=1]
    RewriteRule . /index.php [L]
</IfModule>
# END WordPress

this will cause the RewriteCond to match the endpoint uri, and then have the RewriteRule skip over the controlling rule that rewrites all endpoints to index.php so the wordpress engine can work with dynamic urls.

There maybe a simpler way, but I would have my http.conf as so:

<VirtualHost *:8080>
    ServerName  website.com
    ServerAlias www.website.com
    DocumentRoot /var/www/wordpress/
    DirectoryIndex index.php
    <Directory /var/www/wordpress/>
        AllowOverride All
        Order Deny,Allow
        Allow from all
        Options +Indexes
    </Directory>
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/24
    </Location>
    ErrorLog /var/www/wordpress/logs/error.log
    CustomLog /var/www/wordpress/logs/access.log combined
</VirtualHost>

some follow up reading?

https://httpd.apache.org/docs/2.2/en/mod/mod_rewrite.html

https://httpd.apache.org/docs/2.2/howto/htaccess.html

Chris
  • 181
  • 2