access /server-status without credentials
access /server-status without credentials
Hi,
I've just started learning apache so bear with me.
I've successfully configured the /server-status page on our nagios server:
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from x.x.x.x
</Location>
However, it requests credentials whenever you attempt to browse to it which means alot of the nagios plugins for checking apache wont work as a lot of them dont have username/password arguments.
Is there a way in httpd.conf to allow access to /server-status without being forced to enter nagios credentials?
This is so I can configure our other apache web servers /server-status pages and allow nagios to check them without worrying about credential issues.
I've just started learning apache so bear with me.
I've successfully configured the /server-status page on our nagios server:
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from x.x.x.x
</Location>
However, it requests credentials whenever you attempt to browse to it which means alot of the nagios plugins for checking apache wont work as a lot of them dont have username/password arguments.
Is there a way in httpd.conf to allow access to /server-status without being forced to enter nagios credentials?
This is so I can configure our other apache web servers /server-status pages and allow nagios to check them without worrying about credential issues.
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: access /server-status without credentials
Hello,
Try setting the apache config as follows. This is working on my test system.
To test run the following curl command and post the any errors messages.
Try setting the apache config as follows. This is working on my test system.
Code: Select all
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 <IP address Nagios>
</Location>
Code: Select all
curl -k -L -v http://127.0.0.1/server-status
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: access /server-status without credentials
ok cheers.
Got this working on my lab at home:
will need to wait until monday now to do the same on the work setup to test
Got this working on my lab at home:
Code: Select all
[root@v-nagios-xi ~]# curl -k -L -v http://192.168.0.214/server-status
* About to connect() to 192.168.0.214 port 80 (#0)
* Trying 192.168.0.214...
* Connected to 192.168.0.214 (192.168.0.214) port 80 (#0)
> GET /server-status HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.0.214
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 11 Oct 2019 22:20:32 GMT
< Server: Apache/2.4.6 (CentOS) PHP/5.4.16
< Content-Length: 3016
< Content-Type: text/html; charset=ISO-8859-1
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head>
<title>Apache Status</title>
</head><body>
<h1>Apache Server Status for 192.168.0.214 (via 192.168.0.214)</h1>
<dl><dt>Server Version: Apache/2.4.6 (CentOS) PHP/5.4.16</dt>
<dt>Server MPM: prefork</dt>
<dt>Server Built: Aug 8 2019 11:41:18
</dt></dl><hr /><dl>
<dt>Current Time: Friday, 11-Oct-2019 23:20:32 BST</dt>
<dt>Restart Time: Friday, 11-Oct-2019 23:19:36 BST</dt>
<dt>Parent Server Config. Generation: 1</dt>
<dt>Parent Server MPM Generation: 0</dt>
<dt>Server uptime: 56 seconds</dt>
<dt>Server load: 0.00 0.01 0.05</dt>
<dt>Total accesses: 1 - Total Traffic: 3 kB</dt>
<dt>CPU Usage: u0 s0 cu0 cs0<dt>.0179 requests/sec - 54 B/second - 3072 B/request</dt>
<dt>1 requests currently being processed, 5 idle workers</dt>
</dl><pre>__W___..........................................................
................................................................
................................................................
................................................................
</pre>
<p>Scoreboard Key:<br />
"<b><code>_</code></b>" Waiting for Connection,
"<b><code>S</code></b>" Starting up,
"<b><code>R</code></b>" Reading Request,<br />
"<b><code>W</code></b>" Sending Reply,
"<b><code>K</code></b>" Keepalive (read),
"<b><code>D</code></b>" DNS Lookup,<br />
"<b><code>C</code></b>" Closing connection,
"<b><code>L</code></b>" Logging,
"<b><code>G</code></b>" Gracefully finishing,<br />
"<b><code>I</code></b>" Idle cleanup of worker,
"<b><code>.</code></b>" Open slot with no current process<br />
<p />
<table border="0"><tr><th>Srv</th><th>PID</th><th>Acc</th><th>M</th><th>CPU
</th><th>SS</th><th>Req</th><th>Conn</th><th>Child</th><th>Slot</th><th>Client</th><th>VHost</th><th>Request</th></tr>
<tr><td><b>0-0</b></td><td>14709</td><td>0/1/1</td><td>_
</td><td>0.00</td><td>38</td><td>0</td><td>0.0</td><td>0.00</td><td>0.00
</td><td>192.168.0.211</td><td nowrap>v-nagios-repo.ghfb.local:80</td><td nowrap>NULL</td></tr>
<tr><td><b>2-0</b></td><td>14711</td><td>0/0/0</td><td><b>W</b>
</td><td>0.00</td><td>0</td><td>0</td><td>0.0</td><td>0.00</td><td>0.00
</td><td>192.168.0.215</td><td nowrap>v-nagios-repo.ghfb.local:80</td><td nowrap>GET /server-status HTTP/1.1</td></tr>
</table>
<hr /> <table>
<tr><th>Srv</th><td>Child Server number - generation</td></tr>
<tr><th>PID</th><td>OS process ID</td></tr>
<tr><th>Acc</th><td>Number of accesses this connection / this child / this slot</td></tr>
<tr><th>M</th><td>Mode of operation</td></tr>
<tr><th>CPU</th><td>CPU usage, number of seconds</td></tr>
<tr><th>SS</th><td>Seconds since beginning of most recent request</td></tr>
<tr><th>Req</th><td>Milliseconds required to process most recent request</td></tr>
<tr><th>Conn</th><td>Kilobytes transferred this connection</td></tr>
<tr><th>Child</th><td>Megabytes transferred this child</td></tr>
<tr><th>Slot</th><td>Total megabytes transferred this slot</td></tr>
</table>
</body></html>
* Connection #0 to host 192.168.0.214 left intact
[root@v-nagios-xi ~]#
will need to wait until monday now to do the same on the work setup to test
Re: access /server-status without credentials
not working with both the following configurations locally and from my windows managment server:
Code: Select all
922 <Location /server-status>
923 SetHandler server-status
924 Order deny,allow
925 Deny from all
926 Allow from 127.0.0.1,xx.xx.102.201
927 </Location>
Code: Select all
922 <Location /server-status>
923 SetHandler server-status
924 Order deny,allow
925 Deny from all
926 Allow from 127.0.0.1,xx.xx.102.201
927 Require all granted
928 </Location>
Code: Select all
[root@nagios conf]# curl -k -L -v http://127.0.0.1/server-status
* About to connect() to 127.0.0.1 port 80 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /server-status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 127.0.0.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Mon, 14 Oct 2019 10:37:59 GMT
< Server: Apache/2.2.15 (Red Hat)
< Location: https://nagios.internal.domain/server-status
< Content-Length: 308
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Closing connection #0
* Issue another request to this URL: 'https://nagios.internal.domain/server-status'
* About to connect() to nagios.internal.domain port 443 (#0)
* Trying xx.xx.110.94... connected
* Connected to nagios.internal.domain (xx.xx.110.94) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=nagios.internal.domain,OU=Libr,O=C,L=C,ST=S,C=xx
* start date: Dec 09 10:10:31 2015 GMT
* expire date: Dec 08 10:10:31 2017 GMT
* common name: nagios.internal.domain
* issuer: CN=Issuing CA 1,DC=internal,DC=xxxx,DC=xx,DC=xx
> GET /server-status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: nagios.internal.domain
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Date: Mon, 14 Oct 2019 10:37:59 GMT
< Server: Apache/2.2.15 (Red Hat)
< Content-Length: 309
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at nagios.internal.domain Port 443</address>
</body></html>
* Closing connection #0
[root@nagios conf]#
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: access /server-status without credentials
Do you have the same configuration in the SSL config?
I ask because it is redirecting to the SSL version and then failing
I ask because it is redirecting to the SSL version and then failing
Re: access /server-status without credentials
just added:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1,xx.xx.102.201
Require all granted
</Location>
to the ssl.conf both inside and outside of the <virtualhost> tags and tested both versions and still getting 403 Forbidden.
annoying
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1,xx.xx.102.201
Require all granted
</Location>
to the ssl.conf both inside and outside of the <virtualhost> tags and tested both versions and still getting 403 Forbidden.
annoying
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: access /server-status without credentials
I'm not really sure what to say, you may want to consider consulting an apache forum as the issue you are hitting isn't really Nagios related, but a configuration problem with an external apache config.
Re: access /server-status without credentials
yeah, thanks for your assistance Scott, appreciated.
I have posted on the apache subreddit, but yet to get a response.
I have posted on the apache subreddit, but yet to get a response.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: access /server-status without credentials
Good luck!Guyver1 wrote:yeah, thanks for your assistance Scott, appreciated.
I have posted on the apache subreddit, but yet to get a response.