How to enable server-status page in Apache

The server-status endpoint provides a real-time snapshot of Apache worker utilization and connection state, which helps pinpoint whether slow responses are caused by a saturated MPM, long-running requests, or an unexpected traffic spike.

The page is served by mod_status as a handler (commonly at /server-status) and can be viewed as HTML or consumed in a machine-readable format via ?auto for scripts and monitoring. With ExtendedStatus enabled, additional per-request counters become visible alongside the worker “scoreboard” that summarizes what each thread/process is doing.

Because status output can reveal sensitive operational details (server version, vhost names, client IPs, and request URLs), access should be restricted to localhost or a trusted admin network before relying on it. The commands below target Debian or Ubuntu packaging where Apache uses /etc/apache2, a2enmod, and the apache2 systemd service.

Steps to enable server-status page in Apache:

Enable the status module.
```
$ sudo a2enmod status
Module status already enabled
```
Related: How to manage the Apache web server service

Back up /etc/apache2/mods-available/status.conf before editing.

$ sudo cp --archive /etc/apache2/mods-available/status.conf /etc/apache2/mods-available/status.conf.bak

Update /etc/apache2/mods-available/status.conf to expose /server-status to localhost only.
```
$ sudo tee /etc/apache2/mods-available/status.conf >/dev/null <<'EOF'
<IfModule mod_status.c>
    ExtendedStatus On

    <Location /server-status>
        SetHandler server-status
        Require ip 127.0.0.1 ::1
    </Location>
</IfModule>
EOF
```
Do not allow unauthenticated public access to /server-status because it can reveal client IPs, request URLs, and worker state.

Replace Require ip 127.0.0.1 ::1 with a trusted admin subnet when remote access is required (for example, Require ip 192.0.2.0/24).
Validate the Apache configuration syntax.
```
$ sudo apachectl configtest
Syntax OK
```
Related: How to test your Apache configuration
Reload Apache to apply the configuration.
```
$ sudo systemctl reload apache2
```
Related: How to manage the Apache web server service

Verify the machine-readable endpoint returns status output locally.

$ curl -s http://127.0.0.1/server-status?auto | head
127.0.0.1
ServerVersion: Apache/2.4.58 (Ubuntu)
ServerMPM: event
Server Built: 2025-08-11T11:10:09
CurrentTime: Saturday, 10-Jan-2026 12:57:08 +08
RestartTime: Saturday, 10-Jan-2026 12:20:22 +08
ParentServerConfigGeneration: 2
ParentServerMPMGeneration: 1
ServerUptimeSeconds: 2205
ServerUptime: 36 minutes 45 seconds

From a host outside the allowed IP range, confirm the endpoint returns HTTP 403.
```
$ curl -sI http://192.0.2.40/server-status
HTTP/1.1 403 Forbidden
Date: Sat, 10 Jan 2026 04:57:08 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
```
Run the command from a host that is not included in the allowed Require ip list to confirm the restriction is effective.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.