From 5a5dc9d9b068e32e545c53a1d2ac7069ca910276 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Wed, 3 Jan 2018 21:55:31 +0100
Subject: [PATCH] Close down apache-status from the public

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 files/httpd/apachestatus.conf | 6 ++++++
 roles/apache/tasks/main.yml   | 1 +
 2 files changed, 7 insertions(+)

diff --git a/files/httpd/apachestatus.conf b/files/httpd/apachestatus.conf
index 747fb1a32e..41255f4deb 100644
--- a/files/httpd/apachestatus.conf
+++ b/files/httpd/apachestatus.conf
@@ -2,4 +2,10 @@ ExtendedStatus on
 
 <Location /apache-status>
     SetHandler server-status
+    <RequireAny>
+        Require ip 127.0.0.1
+	Require ip ::1
+	Require host localhost
+	Require valid-user
+    </RequireAny>
 </Location>
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index b98b4fd511..b4206b048f 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -85,6 +85,7 @@
   tags:
   - config
   - apache
+  - apachestatus
 
 - name: setup logrotate to our needs
   copy: src="{{ files }}/httpd/httpd.logrotate" dest=/etc/logrotate.d/httpd