In Progress WHM using outdated accept/deny in httpd.conf

[The Old Man]

Hi,

I noticed that in my httpd.conf the WHM setting related to server-status is still using the outdated allowed/deny rules instead of the newer require rules terminology.

Any particular reason for this or just an oversight?

You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
<IfModule status_module>
# This is used by the WHM 'Apache Status' application
<Location /whm-server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
<IfModule security3_module>
modsecurity_rules 'SecRuleEngine Off'
</IfModule>
</Location>

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.0/8 ::1
</Location>
</IfModule>

Regards.

 

[cPRex]

Hey there! I did speak with the web server team about this and they are going to get me an update tomorrow. I'll post again once I have more details.

 

[cPRex]

Thanks for pointing this out. The team has decided we do need to update that language, and there is an internal development case to get that taken care of. Once that happens I'll be sure to post an update here.