] Apache Server Status for www.nbc.com ] Server Version: Apache/1.3.27 (Unix) ] Server Built: Feb 3 2003 13:53:06 ] Current Time: Friday, 14-Mar-2003 17:33:41 PST ] Restart Time: Friday, 14-Mar-2003 00:00:04 PST ] Parent Server Generation: 6 ] Server uptime: 17 hours 33 minutes 37 seconds ] Total accesses: 12672600 - Total Traffic: 40.5 GB ] CPU Usage: u1474.56 s373.32 cu15.51 cs6.74 - 2.96% CPU ] load ] 200 requests/sec - 0.7 MB/second - 3434 B/request ] 497 requests currently being processed, 967 idle servers Admins take note.. Leaving your server-status open is lame. Leaving your server-status open when you have extended status on, is really lame. Want to see who is browsing www.nbc.com? No problem! Just a little information leakage.. I hit reload a bunch of times watching for the Restart Time and PSG to change, as that would indicate a different server in a SLB rotation. I only saw two machines. I also noticed that the Server Build time changed, which indicates that they do not compile their binaries on a seperate machine and use some package management scheme to manage the software on the boxes. Sloppy.. Sort of like leaving your server-status open for the world to see. As a side note, you can go to Google and search for "Apache Server Status for" and find many of these.. Although at this one, you will actually see some serious traffic taking place. Wonder how long before this gets closed.. FYI NBC, in httpd.conf: < Location /server-status> SetHandler server-status Order deny,allow Deny from all # Or you could just use Allow from all # these to limit by network AuthType Basic AuthName "Some AuthName" AuthUserFile /some/place/where/you/have/a/htpasswd Require valid-user </Location> |