The Apache Server Status module is an addition to Apache HTTP Server. It is a module that enables insights into the Apache HTTP Server performance and statistics.
In this guide we will learn how to configure and allow access to the information page provided by Apache Server Status module.
Information given by the Apache Server Status module (taken from apache.org):
- The number of worker serving requests
- The number of idle worker
- The status of each worker, the number of requests that worker has performed and the total number of bytes served by the worker (*)
- A total number of accesses and byte count served (*)
- The time the server was started/restarted and the time it has been running for
- Averages giving the number of requests per second, the number of bytes served per second and the average number of bytes per request (*)
- The current percentage CPU used by each worker and in total by Apache (*)
- The current hosts and requests being processed (*)
- The lines marked “(*)” are only available if ExtendedStatus is On.
Enable Apache Server Status Module
As said, Apache Server Status module on CentOS (probably same with other distributions also) is provided with the core Apache HTTP RPM package – httpd.
If you haven’t already installed Apache on your system do it by running:
[root@geekpeek1 ~]# yum install httpd
As many other modules we probably do not use, Apache Server Status module is also enabled by default. We can see and confirm this by viewing global Apache configuration file “/etc/httpd/conf/httpd.conf“ and find the following line:
LoadModule status_module modules/mod_status.so
If it is not commented out, it is enabled.
The point of the LoadModule line is to load the module by loading mod_status.so library which is located at “/usr/lib64/httpd/modules/mod_status.so“.
Start your Apache HTTP Server:
[root@geekpeek ~]# /etc/init.d/httpd start [ OK ]
Configure Apache Server Status Module Page
We can configure Apache Server Status module page with a “Location” directive and “SetHandler”. Adding “ExtendedStatus on” before this directive to get all of the information possible out of Apache Server Status module. Append the following at the end of the global Apache configuration file “/etc/httpd/conf/httpd.conf“.
<Location /server-status> SetHandler server-status </Location>
Restrict Access to Apache Server Status Page
Since giving out all of this information to any user accessing your Apache might be a bit of a security risk, it is usually good practice to restrict access to Apache Server Status module.
This can be achieved with “Deny” or “Allow” parameters for Apache 2.2 and with “Require” parameters for Apache 2.4.
We can restrict access to certain domains, specific ip addresses or ip subnets – as desired.
The following example restricts access to 192.168.190 subnet, specific 192.168.160.11 ip address and geekpeek.net domain if you are using Apache 2.4:
<Location /server-status> SetHandler server-status Require all denied Require ip 192.168.190 192.168.160.11 Require host geekpeek.net </Location>
Next example example restricts access to 192.168.190 subnet, specific 192.168.160.11 ip address and geekpeek.net domain if you are using Apache 2.2:
<Location /server-status> SetHandler server-status Deny from all Allow from 192.168.190 192.168.160.11 Allow from geekpeek.net </Location>
Problems Accessing Apache Server Status Page
If you are being welcomed by the “Forbidden” page when trying to access the Apache Server Status page, you probably have a Apache configuration issue, not allowing you to access /server-status on your Apache server.
Take a look at the Apache error log and you should find a line like this:
[Tue Dec 02 14:31:09 2014] [error] [client 192.168.1.20] client denied by server configuration: /var/www/html/server-status
You should open up the global Apache configuration file“/etc/httpd/conf/httpd.conf” and look for the directory document root directive.
By default this is:
Inside this directive find the “Deny from” and “Allow from” rules or “Require” and edit these to allow access.
Reload Apache configuration and try to access the page again.
If it still does not work, look for any other “Deny from” and “Allow from” or “Require” access restrictions and try again.