Ubuntu Servers :: HTTP Response Into Apache Access Logs
Jul 6, 2011
I am new to web server support. I have a request from my management to modify the logging slightly. Effectively I need to redirect a custom string from our http response into the apache access logs. When a user navigates to our site they receive a "dye" number that is associated with them. This number follows them to whatever cluster they are directed to. The string is formatted as such, com-company-dye: d0a2#6dfce. I need that header dye to appear in the access logs so we can use that dye number as a key for troubleshooting issues throughout our various monitoring systems.
When I try to access any page, even small html pages, it stays like 3 seconds in HTTP request sent; waiting for response. state, even when I use Lynx locally on the server, bypassing any possible network issues. Logs don't show a thing. The server itself is a high end server with nothing running on it apart from apache, which is not serving any clients now; firewall is disabled and hostnamelookups are set to OFF.
I am trying to set up my webserver and I am trying to make a website run under suexec, but somehow I cannot start my apache, it directly fails, and SELinux is giving me errors and I don't really know what to do with it. It is giving me some command to type but I am not sure if this will make my server less secure. The SELinux error is as follows:
Code: Summary: SELinux prevented httpd reading and writing access to http files.
Detailed Description: SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ [URL] "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
Allowing Access: Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
Fix Command: setsebool -P httpd_unified=1
I will write down how I set up my server so maybe you can see a mistake I made. First I changed my Apache httpd.conf; I added the following to it:
Code:
NameVirtualHost 192.168.1.2:80
<VirtualHost 192.168.1.2:80>
    ServerName localhost
    DocumentRoot /var/www/html
    DirectoryIndex index.html index.html index.shtml index.php
</VirtualHost>
Then I created the username "ulyaoth" with the group "ulyaoth" as I specified with my suexec, then I created all the directories as specified in my httpd.conf and "chown ulyaoth:ulyaoth (dirname)" them to the right group and username.
In a squeeze box, I installed awstats and it's working like a charm. Its cron job updates the awstats database every 10 minutes (as it runs as root). But I would like to be able to update the statistics from the browser as well. So I set up everything as required and I gave "read" access to "others" to every apache log file. Now, a couple of questions came to my mind:
1. Am I compromising server's security giving "read" access to "others" to apache log files?
2. Instead of giving "read" access to "others", I could add www-data user to adm group (as apache log files are owned by root:adm and permissions are rw-r-----). Is this more secure than giving "read" access to "others"?
3. If the option would be giving "read" access to "others" at the end, a log file would be owned by root:adm and its permissions be rw-r--r--. As apache rotates its log files, when Apache creates a new log file, does it preserve the permissions (rw-r--r--) or create it with the default permissions (rw-r-----)?
I don't mind that apache logs "rotate". By that, I mean that periodically the most recent log is renamed "*.1" and the older logs are bumped up a number. In my particular situation, I do mind that the log that was "*.4" is deleted rather than being renamed to "*.5" when that periodic renaming happens.
I know most of the other /var/log files have the same behavior. What does this? Can I change it so my apache logs are "rotated" up but aren't deleted? I know this will take some hard drive space, but I have a lot of it.
I have 2 web servers in my office: http and https. You will find attached the httpd.conf and ssl.conf. I can access the https server from home, but not the http one.
What I did:
configure the router to forward port 80 to my fedora 11 machine
open port 80 with system-config-network
created a virtualhost
The same exact steps have been done for port 443
I can access both servers locally but only the https server remotely.
Here are my iptables :
You can try to access my servers using [url]
I made httpd listen to port 8080, and done all the port forwarding/opening stuff, and it works. So is it a bug?
Finally found my error; seems like turning off UseCanonicalName to off did the trick
I really think it's a bug now. It was definitively working last week, I just added content to the main host of my website, and now I can't access it from port 80. If someone thinks it's not a bug or finds something missing/wrong in my conf file.
We had recently got some problem with our server (local server) and we recently upgraded from Ubuntu server 8.04 to 10.04 and we were not able to access awstats logs from web. So can anyone say a method to get back the logs from the server?
I'm thinking about some ways to limit access to my web-server. It runs Nginx and php in FCGI. The server contains a large amount of information. The data is freely available and no authentication is required but other companies might like to mirror it and use on their own servers.
The requests could be limited on different levels: IP, TCP, HTTP (by nginx) or by the php application. I found some solutions (like Nginx's limit_req_zone directive), but they do not solve the second part of the problem: there's no way to define a whitelist of clients who are allowed to use the data.
I thought about an intellectual firewall that would limit the requests on IP basis, but I'm yet to find such device. Another way was to hack some scripts that would parse the log file every minute and modify the iptables to ban suspicious IPs. It would take days and I doubt this system will survive, say, 1000 requests per second.
Perhaps, some HTTP proxy, like Squid, could do this?
I'm trying to see regular http responses from my wireless ipad (victim) from my wired pc (attacker). Everything's working great but I can only see the http requests not the responses.
I've done much reading and googling and tried registering in more relevant forums but some forums were shutdown, so I've come here.
Code:
# setup ip forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# use ettercap to do the mitm using only mitm
sudo ettercap --iface eth0 --text --plugin autoadd --only-mitm --mitm arp:remote /192.168.0.1/ /192.168.0.155/
I'm a little stumped on this one so I'm reaching out to see if anyone here has any idea. I just changed my ISP to Surewest as they're doing fiber straight to the house in my area so I have 8Mbps up and down.
I have my linux box running openssh and I have no problems SSHing into it from my remote laptop at work. I use putty to connect to it and create a tunnel so I can configure my firefox to use it as a SOCKS proxy. The problem is my response time for page loads in firefox is atrocious now. It'll take over a minute to load yahoo.com. The only real differences in my setup now are my ISP and router hardware at home. Previously, I was using the firewall that was built into my AT&T Uverse gateway. Now, I'm using my old Linksys WRT54G v5.0 router with the latest firmware. My linux box is wired directly into it with ethernet. When I run the speed tests from that box I get my correct speeds of 8Mbps up and down with <15ms ping. From what I can tell, all of my router settings are correct.
I need to install a program by using the address http://255.255.255.255. However, when I type this address in my browser, I get the following error: "Failed to connect. Firefox can't establish a connection to the server at 255.255.255.255. Though the site seems valid, the browser was unable to establish a connection." Is there an easy way to put this site into the air?
I installed Nagios on my Ubuntu 10.04 server using apt-get and when I accessed the web console, everything was OK. I made some changes to apache (creating some new virtual sites) and since then Nagios gives me a warning message for HTTP with the message, HTTP WARNING: HTTP/1.1 404 Not Found. The sites that I created are working perfectly. I noticed that the attempts are 4/4. Does this need to be reset or does Nagios automatically reset that once it detects the issue is resolved?
Just switched our company from windows server to linux and everything is going good except we have 4 vpn connections throughout the country coming to our server. All giving the client machines ip addresses of 192.168.x.x based on where they are located, 192.168.1.x for the main location, 192.168.2.x for a second location etc., and IIS could see the client's ip instead of the wan ip and was set up to block all ips except 192.168.x.x ips and this worked great.
So I set up apache the same way, to allow only 192.168 ips, but I guess it doesn't work that way in apache for connections coming through vpn? 2 out of our 4 VPN connections are not static IPs, so the 2 that are I just add that ip to the allow list and that worked. But I don't think we should HAVE to get static ips for the other 2, that's one of the benefits of using VPN, especially if our old windows server didn't need it. Is there any way for apache to see the client's ip address for access or is there something somewhere else that needs changed for this?
I am running an apache server thru webmin, on a 8.04 install. Attempting to install awstats I have realized that access.log stopped writing some months ago. Went back thru the error logs and found I had deleted the virtual server, and started a new one. Everything else works fine, it never even occurred to me that logging would not also be restarted. I would just like to get it going again, any clues???
I came back to see on the screen a message requesting remote desktop control. So I said no and went into remote desktop and said never allow connection. I had recently hosted a PHP app on the home pc for testing purposes using apache. Here are some of the last log entries:
I have no idea what is going on here and this is the second time it has done this but. I just installed Lucid Lynx Desktop Edition for my Server. I have installed apache php5 mysql binaries. I have 3 ips on the machine 10.0.1.30, 10.0.1.37, 10.0.1.38. .30 is the main ip 10/100, the rest are 10,100,1000 ports. I can only access Apache 2.2 over .37 or .38 but not .30
I have not used Ubuntu a lot but I am starting to and this really pisses me off since all my computers have aliases to the machine through .30
I'm trying to set up a computer to allow a specific samba user to access and write to a folder on the web-server without any luck. I've tried creating symbolic links in the user's home to the folder (/var/www/html/something) on the web server and from the server to a directory in the user's home but neither seems to work. I haven't seen any errors from SELINUX either but I'm kind of stuck. Also tried adding a directory section and alias line to the httpd.conf but after doing that apache wouldn't start so I'm not really sure how this would be done properly.
I'm not sure if this is possible or not, but what I would like to do is take my public address mydomain.com and configure a virtual host something.mydomain.com, only instead of having the content on the same server I would like it to point to the IP of my virtual machine that is in my private network and display that page publicly. Does anyone know if this is possible, or how to do it? I have done this with port forwards, but would like them both to be on the same port.
I have installed Ubuntu on four machines at work and have been blown away. On my machine I have Apache setup for web development and other machines can "see" it using my IP address. I would like to have it so they can access by the name of my computer though. I have no local DNS server so I guess I need to hard code the relationship in each machine? Ideally I'd actually like to be able to use subdomains (which I use locally to avoid annoying .htaccess path problems). i.e. from another machine on the network to go to [URL].
I am sure this information is out there somewhere, but Googling apache access.log and hostname does not give you any good leads... so I hope someone here might be able to provide me with a quick answer... I am setting up a cluster of web servers, so I would like to name the access.log and error.log with the hostname of the individual servers to be able to distinguish one from another.
Does anyone know of any software that can monitor the Apache logs for certain phrases or keywords then send an alert when found? For example I know an attempt to hack has been made when I see log entries like this....
/admin/ /admin/phpadmin/ /phpadmin/
But by the time I see it, the attempt has long since failed or succeeded. What I need is a way for my server to alert me WHILE someone is entering these phrases. I realize there may be a "hit" to performance but my server is not that busy anyway (except for hackers).
I noticed I have quite a few logs that end with .[number], for example "syslog.1" "mail.info.1" etc. Why is this and why are they there since almost nothing is logged in them?
Question 2: on my server I'm running a script like imagebam and imageshack which hosts images, so I have quite a few apache requests to my server. I am wondering why apache takes up so much CPU for some of the requests. In Htop some requests take up 1.2% CPU while others take up 3-5% etc., so the total load is about 1.50 0.58 0.84 to 2.61 1.08 1.14 with about 128-150 apache requests all the time, while sometimes the CPU load can be almost 0 with the same amount of requests. Is this normal? What could cause this in apache? The server is just running apache2. MySQL is running on another server.
I have tftpd-hpa and dhcp3-server up and running. I just want to install server edition via network, from the host machine (my laptop, running ubuntu 9.10) with an ISO file (ubuntu 8.04 32-bit server edition). I managed to boot the client machine with pxe-netboot technique, but instead of downloading all the files from internet, I need to do this process directly from ISO. To transfer ISO from host to client, I also installed Apache. I unpacked ISO file into /var/lib/tftpboot/server/. I created a link to the Apache root: /var/www
Code:
ubuntu@ubuntu:/var/www$ ls
returns => index.html server
server folder is the place where I unpacked the ISO.
My dhcp3-server has this setup and it works well with netboot, but I don't know how to add Apache to the formula to transfer the iso file from host to client. Firewall is disabled. This is my edited /etc/dhcp3/dhcpd.conf file.
When I pxe-boot the client, the process comes to a halt when tftp server is trying to access to pxelinux.0 file. I got this error:
PXE-T00: Permission denied
PXE-E36: Error received from TFTP server
I have no experience with Apache, so I think there is a problem with my IP addresses. Do I need to use 127.0.1.1 instead of 192.168.2.1 (my router's IP)?
I've installed webdav on my server and I can access it fine through cadaver. However, when I try to access it via nautilus, I get Forbidden. It is NOT secured (SSL). When I try to access it via firefox, I get an error since I DO NOT have "Options Indexes" in my apache config file. If I add this option in, then I can browse the root direction and webdav folder via firefox, but still not from nautilus. What other information do you need? I've googled and searched the forums for a while, but no "solutions" I found have worked for me. I want the webdav folder to just be a single folder within the direction, so this is how I have my config file set up:
As a side-note... when I included "Option Indexes", it allowed me to view the passwd.dav file from firefox! That doesn't seem very good...
For internal security reasons I need to prevent our tomcat logs from writing to the webserver local disk. We set up a separate logging server with rsyslog and need to pipe the log data to it. I am trying to work out how to configure tomcat to send all log data to the logging server via the rsyslog client (running locally) via a named pipe. We are on CentOS 5.6, Tomcat 6 and rsyslog 5.8.1. I need to know:
1) do we use the default logging library or log4j
2) where is this configured in the tomcat config
3) is there any code that would need to be written to achieve this