How to enable Apache server-status page

The server-status page gives an immediate view of Apache worker usage, request flow, and current load, which helps separate slow backends, traffic spikes, and exhausted worker pools from each other before the problem turns into a full outage.

mod_status publishes that information at /server-status and exposes the same data in a machine-readable form through ?auto for scripts and monitoring. On current Debian and Ubuntu packages, /etc/apache2/mods-available/status.conf already ships the <Location /server-status> handler with Require local and ExtendedStatus On, so enabling the module is usually enough unless the file was changed earlier or the page must be reachable from a trusted admin network.

Status output can expose client addresses, requested URLs, worker state, and overall server activity, so access should stay limited to localhost or an explicit admin subnet. Commands below assume Debian or Ubuntu packaging with a2enmod, /etc/apache2/mods-available/status.conf, apache2ctl, and the apache2 systemd unit; in containers or other non-systemd environments, use apache2ctl graceful for the reload step instead.

Related: How to improve Apache performance
Related: How to secure Apache web server
Related: How to restrict access by IP in Apache

Steps to enable Apache server-status page:

  1. Enable the status module. 
    $ sudo a2enmod status
Module status already enabled

    Current Debian and Ubuntu packages usually install the default status-page snippet together with the module definition, so this command often confirms the module is already active rather than changing anything.

    Related: How to enable or disable Apache modules

  2. Inspect the packaged status-page configuration. 
    $ sudo sed -n '1,20p' /etc/apache2/mods-available/status.conf
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.

<Location /server-status>
    SetHandler server-status
    Require local
    #Require ip 192.0.2.0/24
</Location>

# Keep track of extended status information for each request
ExtendedStatus On

    Current Ubuntu and Debian packages already ship a localhost-only /server-status block. Leave Require local in place unless the page must be reachable from a trusted admin network.

  3. If the file was customized previously or remote admin access is required, edit /etc/apache2/mods-available/status.conf so the status handler exists and access stays restricted. 
    $ sudoedit /etc/apache2/mods-available/status.conf
    <Location /server-status>
    SetHandler server-status
    Require local
    #Require ip 192.0.2.0/24
</Location>

ExtendedStatus On

    Do not publish /server-status openly without an allowlist or authentication because the page can reveal current requests, client addresses, and worker state.

    Add one or more Require ip rules alongside Require local when both local and remote admin access are needed, or replace Require local only when the endpoint should be reachable exclusively from the trusted admin subnet.

    Related: How to restrict access by IP in Apache

  4. Validate the Apache configuration syntax. 
    $ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.0.2.10. Set the 'ServerName' directive globally to suppress this message
Syntax OK

    The AH00558 line is a hostname warning, not a syntax failure.

    Related: How to test Apache configuration

  5. Reload Apache so the status handler becomes active with the current configuration. 
    $ sudo systemctl reload apache2

    On hosts where systemd is not managing Apache, use sudo apache2ctl graceful instead.

    Related: How to manage the Apache web server service

  6. Verify the machine-readable status endpoint locally. 
    $ curl -sS http://127.0.0.1/server-status?auto | head
127.0.0.1
ServerVersion: Apache/2.4.58 (Ubuntu)
ServerMPM: event
Server Built: 2026-03-05T17:31:54
CurrentTime: Thursday, 09-Apr-2026 04:21:34 UTC
RestartTime: Thursday, 09-Apr-2026 04:21:32 UTC
ParentServerConfigGeneration: 1
ParentServerMPMGeneration: 0
ServerUptimeSeconds: 2
ServerUptime: 2 seconds

    Use the HTML page at /server-status when the worker scoreboard or current requests are easier to inspect visually, and use ?auto for scripts or monitoring.

  7. If the page should remain local-only, test from a different machine that is not in the allowlist and confirm Apache returns HTTP 403. 
    $ curl -I http://192.0.2.40/server-status
HTTP/1.1 403 Forbidden
Date: Thu, 09 Apr 2026 04:21:34 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

    This negative test must run from another host or a separate network namespace. A request generated on the Apache host can still satisfy Require local when the client and server addresses are both local.