Linux: Enable extended httpd status reports in Apache through service: fullstatus
Apache HTTPD is the most popular web server to date. It's extensible and configurable to meet various needs both small and big. Here we'll focus on extending it's reporting functionality by enabling full status capability to see more granularity in status reports. As you probably know, the service on Red Hat Linux systems can be controlled with the service command like this:
- service httpd restart
- service httpd stop
- service httpd start
- service httpd status (tells if the process is running and reports the PID of the process: nothing else useful is reported)
The configuration httpd parameter above actually refers to a script and can be viewed by editing the file /etc/init.d/httpd using vi, pico, nano or other CLI editors to look up other parameters httpd can be given (ie stop, start, restart, status etc as above). One of the commands of interest is fullstatus which does not yet come configured out of the box. Here are the steps to enable it:
-
cat /etc/httpd/conf/httpd.conf|egrep "Location.*\-status"
# <Location /server-status>
(Checks if fullstatus has not already been enabled. A pound (#) before Location above indicates it is disabled) -
service httpd fullstatus (or apachectl fullstatus )
ForbiddenYou don't have permission to access /server-status on this server.
.
.
(If error is thrown, as above fullstatus has not been enabled) -
rpm -aq|grep elinks
elinks-0.12-0.6.pre2.fc10.i386
(Checks if elinks is installed. Do this before installing elinks.) -
yum install elinks
(IF elinks is NOT installed) -
rpm -aq|grep elinks
elinks-0.12-0.6.pre2.fc10.i386
(To verify installation worked) -
vi /etc/httpd/conf/httpd.conf
(Or use pico or nano if you are not comfortable with vi.) - Find and uncomment the line ExtendedStatus On (Remove # from start of line)
-
Find and uncomment the following directives. Change configuration
From
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from example.com
#</Location>To
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost 127.0.0.1
</Location> - Save the configuration file and exit (In vi type :wq )
-
service httpd restart
(Restart the httpd service) - service httpd fullstatus (or apachectl fullstatus)
The last command should print output similar to the below:
Apache Server Status for localhost
Server Version: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 Apache/2.2.0 (Fedora)
mod_perl/2.0.4 Perl/v5.10.0
Server Built: Oct 21 2008 07:51:36
--------------------------------------------------------------------------
Current Time: Wednesday, 14-Jan-2009 01:15:24 EST
Restart Time: Tuesday, 13-Jan-2009 09:57:34 EST
Parent Server Generation: 0
Server uptime: 15 hours 17 minutes 50 seconds
Total accesses: 13 - Total Traffic: 14 kB
CPU Usage: u.71 s.09 cu0 cs0 - .00145% CPU load
.000236 requests/sec - 0 B/second - 1102 B/request
1 requests currently being processed, 7 idle workers
______W_........................................................
................................................................
................................................................
................................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-0 2465 0/2/2 _ 0.43 26995 74 0.0 0.00 0.00 24.102.58.189 127.0.0.1 GET /nonexistenshit
HTTP/1.1
1-0 2468 0/2/2 _ 0.00 26995 1 0.0 0.01 0.01 24.102.58.189 127.0.0.1 GET /mail/bin/msgimport
HTTP/1.1
2-0 2471 0/2/2 _ 0.00 26994 1 0.0 0.00 0.00 24.102.58.189 127.0.0.1 GET /bin/msgimport
HTTP/1.1
3-0 2474 0/2/2 _ 0.37 26994 1 0.0 0.00 0.00 24.102.58.189 127.0.0.1 GET /rc/bin/msgimport
HTTP/1.1
GET
4-0 2476 0/2/2 _ 0.00 26994 1 0.0 0.00 0.00 24.102.58.189 127.0.0.1 /roundcube/bin/msgimport
HTTP/1.1
GET
5-0 2478 0/2/2 _ 0.00 26993 1 0.0 0.00 0.00 24.102.58.189 127.0.0.1 /webmail/bin/msgimport
HTTP/1.1
6-0 2480 0/1/1 W 0.00 0 0 0.0 0.00 0.00 127.0.0.1 127.0.0.1 GET /server-status
HTTP/1.1
--------------------------------------------------------------------------
Srv Child Server number - generation
PID OS process ID
Acc Number of accesses this connection / this child / this slot
M Mode of operation
CPU CPU usage, number of seconds
SS Seconds since beginning of most recent request
Req Milliseconds required to process most recent request
Conn Kilobytes transferred this connection
Child Megabytes transferred this child
Slot Total megabytes transferred this slot
--------------------------------------------------------------------------
Apache/2.2.0 (Fedora) Server at localhost Port 80
In the above case it caught the popular nonexistenshit scan attempt discussed earlier in Security: Round cube webmail scans spreading on the web: roundcube, msgimport, nonexistenshit and webmail
Cheers!
Hi
Sorry for my english
I do that you wrote but now i have error: ELinks: Connection refused
What shoud I do?
Hey Igor,
No worries about the English. 🙂
When I see that error I think of lot’s of things that could go wrong:
First and foremost, consider upgrading to the latest version of your http and elinks software. Then, if you still get the error or you couldn’t upgrade:
What version of elinks and httpd are you running?
What is your distribution?
Is the above message printed in one of the HTTP log files in /var/log/httpd/ or when you restart httpd?
What do you get when you type service httpd fullstatus?
Are you configuring this through the root account?
Is there a firewall on your system?
Where are you running the commands from?
You could also try the following and mention here what you get:
# rpm -qf $(which links)
elinks-0.12-0.13.pre3.fc11.i586
# links –dump google.com
.
.
.
#
OR
# links –dump [URL that caused you to get Elinks: connection refused]
.
.
.
#
AND
# links –dump http://localhost:80/server-status
#
Then load the URL http://localhost:80/server-status into your browser and mention what you get.
Thanks,
TK
What version of elinks and httpd are you running?
– elinks-0.11.1-5.1.0.1.el5
Apache/2.2.3 (Red Hat)
What is your distribution?
– What is it?
Is the above message printed in one of the HTTP log files in /var/log/httpd/ or when you restart httpd?
No error
What do you get when you type service httpd fullstatus?
ELinks: Connection refused
****
When I type httpd fullstatus, then showed
Usage: httpd [-D name] [-d directory] [-f file]
[-C “directive”] [-c “directive”]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]
Options:
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C “directive” : process directive before reading config files
-c “directive” : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings)
-S : a synonym for -t -D DUMP_VHOSTS
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t : run syntax check for config files
****
Are you configuring this through the root account?
Yes
Is there a firewall on your system?
Yes, and ssh opend – allowed
Where are you running the commands from?
Putty
You could also try the following and mention here what you get:
# rpm -qf $(which links)
elinks-0.12-0.13.pre3.fc11.i586
# links –dump google.com
Unabled to retrive file:///root/.dump
No such file or directory
AND
# links –dump http://localhost:80/server-status
Unabled to retrive file:///root/.dump
No such file or directory
#
Then load the URL http://localhost:80/server-status into your browser and mention what you get.
No page finded
But I read that someone say it was of the iptables, where is it?
Looks like you’re running Enterprise Linux 5. That’s also a very odd error message you get from ‘links –dump http://localhost:80/server-status‘.
Try these as well before you stop the firewall (I dont’ want to suggest that yet as it might be unsafe for you) I was not aware you were running this from putty:
On the host from putty, try:
$ lwp-request http://localhost:80/server-status # You should not get 404 Page not found.
and tell me what you get. If you get a 404 Page not found as it appears could be the case, please review the httpd.conf configuration in the post to ensure you have everything configured correctly.
If the above lwp-request doesn’t return anything ensure httpd is running properly:
$ service httpd restart # Make sure no errors are seen.
$ netstat -apneet|grep http # (Make sure something is returned with LISTEN and httpd appears in it)
$ lwp-request http://localhost:80/server-status
Tell me what you get from this command.
$ cat $(locate httpd.conf|grep httpd.conf$|grep etc)|grep -A 7 “server-status”
OR (if above doesn’t work)
$ cat /etc/httpd/conf/httpd.conf|grep -A 7 “server-status”
If you feel it’s safe to stop your firewall temporarily this is the way to do this (If it’s iptables):
Stop the firewall
$ service iptables stop
Try these again:
$ netstat -apneet|grep http
$ lwp-request http://localhost:80/server-status
Start the firewall
$ service iptables start
Good Luck!
TK
Thanks big
But me have already adjusted
Glad it worked out for you Igor.
Cheers!
TK
i’ve follow your step, but no changes.
can u help me..please.
Hey AA,
Sure, however, without much details from you, I’m not sure where you are seeing an issue.
I would suggest going over the steps above to see if anything didn’t work along the way in your case.
Thanks,
Tom K.