Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
server-status
Apache server status page
What an attacker could do
The Apache mod_status page reveals live request URLs, client IP addresses, server uptime, worker activity, and the Apache/OS version, exposing internal endpoints and session tokens passed in query strings to anyone who can reach it.
How to defend it
Restrict the mod_status handler to localhost or an internal management network with Require ip directives, or disable mod_status entirely if not needed.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation