Using GUI apps with Apache

For a project I am working on, I need Apache to be able to access an application running in the user’s GUI. The safest (I think) thing to do is to add that user to the _www group, like this:

sudo dseditgroup -o edit -a `whoami` -t user _www

(Replace `whoami` with an actual username, if you want to get specific.)

Activating server-status, what I didn’t realize

Turning on server-status (and server-inf0) lets you keep an eye on your Apache server’s activity, etc. The docs I ran across said simply to enable:

LoadModule status_module libexec/apache2/

But that’s not the whole story. You’ve also got to add some directives to httpd.conf:

ExtendedStatus On

“ExtendedStatus” is optional, but it provides more info. The next part is required:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    #Allow from all
    Deny from all
    Allow from #autsys

This instructs Apache to respond to /server-status by generating… the server status! You might want to change the location to something more opaque (like: s-stat) if you are worried about snoopers.

You can also get a lot of information by activating server-info:

# Added by MRS 2010MAR19
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from #autsys

Notice also the aggressive permissions: start by denying all access and then allowing only your IP address or address range. If you don’t have a fixed IP address, you maybe shouldn’t be doing this, eh?