diff --git a/CHANGELOG.md b/CHANGELOG.md
index ccef7b7e..bdfcd6a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
### Changed
* apache: rotate logs daily instead of weekly
+* apache: deny requests to ^/evolinux_fpm_status-.*
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
* cerbot: use the legacy script on Debian 8 and 9
* evoacme: upstream release 21.01
diff --git a/apache/files/evolinux-defaults.conf b/apache/files/evolinux-defaults.conf
index 348717ea..e5eadda8 100644
--- a/apache/files/evolinux-defaults.conf
+++ b/apache/files/evolinux-defaults.conf
@@ -9,16 +9,19 @@ StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
+
AllowOverride None
Require all granted
# "Require not env XXX" is not supported :(
Deny from env=GoAway
+
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+
Require all denied
@@ -31,6 +34,10 @@ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
-LimitUIDRange 0 6000
-LimitGIDRange 0 6000
+ LimitUIDRange 0 6000
+ LimitGIDRange 0 6000
+
+
+ Require all denied
+