Question

Unable to get /server-status mod working with Apache2 on Ubuntu

Posted April 13, 2015 69.5k views
Ubuntu Apache Server Optimization WordPress

I have installed the default WordPress application image from digital ocean. I tried to follow this tutorial but it doesn’t work for me:

https://www.digitalocean.com/community/tutorials/how-to-install-configure-and-use-modules-in-the-apache-web-server

If I visit http://<my IP>/server-status I get a 404 page the one and only website I have installed on this server. If I visit http://www.domain.com/service-status I get this:

403
Forbidden

You don't have permission to access /server-status on this server.

How can I get this working?

If I try to visit it from lynx from the local host in the terminal whether I use domain name, IP or 127.0.0.1 or localhost I get 404 not found (weird!).

Add a comment
contact1124306
By:
contact1124306
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

8 answers
kamaln7 April 13, 2015

You’re getting a 403 Forbidden error because Apache is configured to only allow localhost to access /server-status:

    Allow from 127.0.0.1 ::1

You can allow access from your IP address like this:

<Location /server-status>
    ...
    Allow from 127.0.0.1 ::1
    Allow from Your.IP.Address.Here
</Location>

As for the 404 error, it looks like Wordpress is trying to serve /server-status because of the rewrite rules. There should be a few RewriteCond lines in the .htaccess, add the following line below them:

RewriteCond %{REQUEST_URI} !=/server-status
Reply Report
contact1124306 April 14, 2015

OK with a lot of trial and error I solved it.

The rewrite rule apparently cannot be above or below the WordPress stuff in the .htaccess of the root and it has to be in the middle as shown below or at least this is the only way that has worked for me so far: 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# rewrite rule for server-status to prevent 404 error
RewriteCond %{REQUEST_URI} !=/server-status

RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Also, I learned that for those of us running Cloud Flare (which is a lot, including digitalocean.com I noticed) you need to install the cloudflare mod or else limiting access by IP doesn’t work. https://www.cloudflare.com/resources-downloads#mod_cloudflare

Perhaps Digital Ocean should consider adding mod_cloudflare to their stock WordPress one click install image and maybe others.

Thanks for the help.

Reply Report
ICEC September 4, 2019

What worked for me was to turn RewriteEngine Off for the /server-status Location

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1
RewriteEngine Off
</Location>
ExtendedStatus On

Hope it helps

Reply Report
contact1124306 April 13, 2015

Thanks for the reply. Adding this rewrite rule only makes it so www.mydomain.com/server-status is a “Forbidden” error instead of a 404.

This is what my /etc/apache2/mods-available/status.conf file says (I had already edited it):

        <Location /server-status>
                SetHandler server-status
                Order deny,allow
                Deny from all
                Allow from 127.0.0.1 ::1
                Allow from <my public IP>
        </Location>

I am trying to access it form the local host but I am still getting this forbidden error. Any other ideas?

Thanks.

Reply Report
  • kamaln7 April 13, 2015

    Can you post the full contents of the .htaccess file? Also, are there any errors in Apache’s error log?

    sudo tail /var/log/apache2/error.log
    Reply Report
contact1124306 April 13, 2015

Which .htaccess the one in the document root of the only vhost I’m running or the main document root or where?

This is the tail, looks like unrelated errors but any advice on that would be appreciated also.

[Tue Apr 14 00:01:59.167369 2015] [core:alert] [pid 28499] [client 199.27.128.162:42742] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:11:20.591436 2015] [core:alert] [pid 28646] [client 199.27.133.250:57249] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:30.955090 2015] [core:alert] [pid 28681] [client 199.27.133.220:39337] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:41.287518 2015] [core:alert] [pid 28656] [client 199.27.128.152:38262] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:51.618486 2015] [core:alert] [pid 28667] [client 199.27.128.162:20135] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:12:01.967101 2015] [core:alert] [pid 28646] [client 199.27.128.132:19640] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:12:12.334887 2015] [core:alert] [pid 28623] [client 199.27.128.152:18961] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:22.668483 2015] [core:alert] [pid 28680] [client 199.27.128.162:23007] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:33.019929 2015] [core:alert] [pid 28681] [client 199.27.133.250:9626] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:43.358314 2015] [core:alert] [pid 28646] [client 199.27.133.220:35807] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here

I just replaced my actual domain with “mydomain” because I don’t want the web crawlers to pick these up as links to follow.

These errors go back a couple of days before any of the changes above. They seem to happen at random intervals, they are clearly not happening for every visitor though. They show both referr as onsite URLs and things like http://www.google.com.ar. I haven’t noticed any issues from the user side would allow one to tell these errors are happening.

Here is the .htaccess from the main document root on the only vhost I’m running right now. If you wanted something else please let me know.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# rewrite 404 for server status
# RewriteCond %{REQUEST_URI} !=/server-status
</IfModule>
# END WordPress

Thanks.

Reply Report
MinecraftMojang February 14, 2018
[deleted]
Reply Report
ppehrson October 13, 2018

The above htaccess is wrong.

For enabling server-status on a Wordpress install, it should be:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/server-status
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Reply Report
ricky1146 November 16, 2018

What fixes this issue is a mix of settings. At least for myself, and my server.

First in your apache virtualhost configuration you need to change allow overides

<Directory Some/directory/here >
# Options Indexes
Options -FollowSymLinks
Options -Multiviews
Options -Indexes
AllowOverride None
</Directory>

Then before the closing virtualhosts command you place this

<Location /server-status>
SetHandler server-status
# Require local
Require ip YOUR IP here/Server IP
</Location>
</VirtualHost>

Then IF you have the defualt apache2 config modified to your liking with other settings. Like a custom Wordpress installation. You should have this as well for .HTACCESS

The important line is this
RewriteCond %{REQUEST_URI} !=/server-status

.HTACCESS file settings

BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUESTFILENAME} !-f
RewriteCond %{REQUESTFILENAME} !-d
RewriteCond %{REQUESTURI} !=/server-status
RewriteRule . /index.php [L]
</IfModule>
phpflag register_globals off

END WordPress

phpflag displayerrors Off

Options FollowSymLinks

Options -Indexes
Options -ExecCGI
Options -IncludesNOEXEC

Hope my post solves some other issues,

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help