The following configuration makes the /server-status location return 403 even from localhost:
<Location "/server-status">
SetHandler server-status
Require ip 127.0.0.1 ::1 172.16.0.0/12 192.168.0.0/16
SetEnv dontlog
</Location>
<Location "/">
# AND-combine with preceding configuration sections
AuthMerging And
# include black list
Include custom.d/globalblacklist.conf
</Location>
However, if I change the order of these two, it starts working correctly:
<Location "/">
# AND-combine with preceding configuration sections
AuthMerging And
# include black list
Include custom.d/globalblacklist.conf
</Location>
<Location "/server-status">
SetHandler server-status
Require ip 127.0.0.1 ::1 172.16.0.0/12 192.168.0.0/16
SetEnv dontlog
</Location>
Based on the instructions, I thought that the blacklist location should be the last one, now I'm not sure what else could be broken because of this. The virtualhost definition is done before this config block. What's the proper configuration for cases such as this?
Server (please complete the following information):
Server version: Apache/2.4.62 (Rocky Linux 9)
Server built: Jan 29 2025 00:00:00
The following configuration makes the
/server-statuslocation return 403 even from localhost:However, if I change the order of these two, it starts working correctly:
Based on the instructions, I thought that the blacklist location should be the last one, now I'm not sure what else could be broken because of this. The virtualhost definition is done before this config block. What's the proper configuration for cases such as this?
Server (please complete the following information):
Server version: Apache/2.4.62 (Rocky Linux 9)
Server built: Jan 29 2025 00:00:00