* modules/md/mod_md_config.c: Flip MDServerStatus to disabled by

author Joe Orton <jorton@apache.org>

Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)

committer Joe Orton <jorton@apache.org>

Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)
author Joe Orton <jorton@apache.org>
Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)
committer Joe Orton <jorton@apache.org>
Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)
diff --git a/changes-entries/md-status.txt b/changes-entries/md-status.txt

new file mode 100644 (file)

index 0000000..cf6d627
--- /dev/null
+++ b/changes-entries/md-status.txt
@@ -0,0 +1,3 @@
+  *) mod_md: MDServerStatus is now disabled by default.  [Joe Orton]
+
+
diff --git a/docs/manual/mod/mod_md.xml b/docs/manual/mod/mod_md.xml

index fe5be655af246279772ae69347fd85f348075d6e..7decbb502bac66630d5118412b80f7898445df74 100644 (file)
--- a/docs/manual/mod/mod_md.xml
+++ b/docs/manual/mod/mod_md.xml
@@ -1114,17 +1114,20 @@ MDMessageCmd /etc/apache/md-message
          <name>MDServerStatus</name>
          <description>Control if Managed Domain information is added to <code>server-status</code>.</description>
          <syntax>MDServerStatus on|off</syntax>
-        <default>MDServerStatus on</default>
+        <default>MDServerStatus off</default>
          <contextlist>
              <context>server config</context>
          </contextlist>
          <usage>
              <p>
-                Apaches '<code>server-status</code>' handler allows you configure a resource to monitor
-                what is going on. This includes now a section listing all Managed Domains
-                with the DNS names, renewal status, lifetimes and main properties.
+                If enabled, adds a section to the
+                <module>mod_status</module> '<code>server-status</code>' handler
+                output which lists all Managed Domains with the DNS
+                names, renewal status, lifetimes and main properties.
              </p><p>
-                You can switch that off using this directive.
+                As with '<code>md-status</code>', the '<code>server-status</code>' output
+                <strong>must</strong> be protected from public view
+                using appropriate authorization restrictions.
              </p>
          </usage>
      </directivesynopsis>
diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c

index 9688714537656eb7b219a461c0ac7cebffeba1ae..fa118201ed23050f92315b0cf1d285490faafc82 100644 (file)
--- a/modules/md/mod_md_config.c
+++ b/modules/md/mod_md_config.c
@@ -77,7 +77,7 @@ static md_mod_conf_t defmc = {
      NULL,                      /* message cmd */
      NULL,                      /* env table */
      0,                         /* dry_run flag */
-    1,                         /* server_status_enabled */
+    0,                         /* server_status_enabled */
      1,                         /* certificate_status_enabled */
      &def_ocsp_keep_window,     /* default time to keep ocsp responses */
      &def_ocsp_renew_window,    /* default time to renew ocsp responses */
author	Joe Orton <jorton@apache.org>
	Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)
committer	Joe Orton <jorton@apache.org>
	Wed, 10 Jun 2026 17:01:40 +0000 (17:01 +0000)
changes-entries/md-status.txt	[new file with mode: 0644]	patch \| blob
docs/manual/mod/mod_md.xml		patch \| blob \| blame \| history
modules/md/mod_md_config.c		patch \| blob \| blame \| history