In Progress WHM using outdated accept/deny in httpd.conf

Operating System & Version
Apache/2.4.54 (cPanel) OpenSSL/1.1.1q mod_fcgid/2.3.9 mod_cpanel/1.4 CentOS v7.9.2009 STANDARD virtuozzo
cPanel & WHM Version
cPanel & WHM v104.0.7 (STANDARD)

The Old Man

Well-Known Member
Feb 24, 2016
81
24
58
UK
cPanel Access Level
Root Administrator
Hi,

I noticed that in my httpd.conf the WHM setting related to server-status is still using the outdated allowed/deny rules instead of the newer require rules terminology.

Any particular reason for this or just an oversight?

Code:
You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
<IfModule status_module>
# This is used by the WHM 'Apache Status' application
<Location /whm-server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
<IfModule security3_module>
modsecurity_rules 'SecRuleEngine Off'
</IfModule>
</Location>

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.0/8 ::1
</Location>
</IfModule>
Regards.
 
Last edited by a moderator: