This can also lead to DOS issues, as I understand it, the Apache server-status pages are very computationally intensive to produce, and it requires stopping and polling every child.
Something like
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 10.0.0.0/24
</Location>
(where 10.0.0.0 is your local network range) will prevent external requests. This is mentioned in the linked through Apache documentation.
According to other commenters, this is only enabled for localhost by default, but if one is using a reverse proxy on localhost, all requests will appear to come from there. So be careful with this approach.
Something like
<Location /server-status>
</Location>(where 10.0.0.0 is your local network range) will prevent external requests. This is mentioned in the linked through Apache documentation.