Password Protect Apache’s Server-status Page

The docs show how to configure access control using an environment variable with mod_setenvif. Using the technique described in the docs, I was able to password protect apache’s server-status page.

<Location /server-status>
    SetHandler server-status
    SetEnvIf Request_URI "mypassword" continue=1
    Order deny,allow
    Deny from all
    Allow from env=continue
</Location>

Now only you can access the page by going to: http://server.com/server-status/mypassword/
The downside to using the Request_URI attribute is that the password will be visible in your browser history.