Apache JServ Status

Introduction

One interesting feature of Apache JServ is that its main class, JServ.java, is a servlet! Yes, it may seem strange, but Apache JServ is able to execute itself as a servlet to output runtime information such as configurations and, in the future, enable remote administration and runtime data such as load or number of servlets in use.

The Apache JServ Status is a collection of dynamically generated web pages that allow the administrator to have a direct idea of the status of the system, on both the mod_jserv module and on each connected servlet engine.

Accessing the Apache JServ Status pages

The Apache JServ Status front page is enabled by default in the example configurations shipped in the distribution and it's mapped to the URI named /jserv/ (note the trailing slash!) in your main web server space (for most systems try http://127.0.0.1:80/jserv/ but the address and the port are highly dependent on your web server configurations).

These pages give you the ability to check existing configurations remotely and control the correct servlet engine behavior from a centralized information system.

Warning: even if the status pages are enabled in the sample configuration files shipped with the distribution, you are strongly encouraged to deny the access to this location on a production environment since this may give untrusted users the ability to gather important system security information.

Customizing the access to the Apache JServ Status pages

Here it's shown a general list of web server directives that can be used to map the Apache JServ status pages to a particular location. These are the directives used by the Apache Web Server and may be placed in any of the three configuration files.
<Location /status/jserv/>
  SetHandler jserv-status
  order deny,allow
  deny from all
  allow from dummy.org
</Location>
The above directives map the Apache JServ status pages (SetHandler jserv-status) to the URI /status/jserv/ (<location /status/jserv/>) allowing the access only from requests coming from the "dummy.org" domain.

For more complex examples and documentation on how to restrict access to a particular URI see the web server documents.

Removing the Apache JServ Status pages

Removing these page is just a matter of removing the above directives from the web server configuration files.

Copyright (c) 1997-99 The Java Apache Project.
$Id: howto.status.html,v 1.5 1999/06/09 05:21:28 jonbolt Exp $
All rights reserved.