Log arbitrary messages in Apache (httpd.conf file) - apache

I am trying to figure out a way to set up Apache for multiple projects on my development machine. Trying to get to the basics of it before configuring virtualhosts. My idea is switch active projects by setting and reading OS environment variables. Something like this:
Define PROJECT_ROOT osenv('APACHE_PROJECT_ROOT')
Define ACTIVE_PROJECT osenv('APACHE_ACTIVE_PROJECT')
DocumentRoot "%{PROJECT_ROOT}%{ACTIVE_PROJECT}"
<Directory "%{PROJECT_ROOT}%{ACTIVE_PROJECT}">
This isn't working and I really need a method to figure out what is happening in my httpd.conf file. Can I log arbitrary messages? Something like log "test" or log debug_log "%{MY_VARIABLE}"?

I think I have the logging set up:
LoadModule log_debug_module lib/httpd/modules/mod_log_debug.so
LogLevel info
LogMessage "hi world"
This will throw a log message for every request. Somehow it does not work with variables:
Define TEST test
LogMessage %{TEST}
This causes Apache to crash. Not sure why or how I can find out.

Related

apache and IP oddities

I installed Apache 2.4 in order to publish a java (Struts2) application using Tomcat 8 as AS.
For a while it worked out well then something happened "strange" (to put it mildly).
By typing "http://localhost/appName" all continues to work out wonderfully.
Typing "http://publicIP/AppName " it opens pop up asking for a password to access the network printer!
The PC address on which they reside, Servers and Application, is 192.168.0.104, the one of the printer is just 193.168.0.103, exactly the previous by the point of view of the router (working in DHCP mode).
But (I may be *** but not to this extent) to the PC I manually set 104 as the fixed IP (which is still set - and anyway, when I check the Client List on the monitor of the router, I find right 104 as IP assigned to the PC).
No one has changed the settings to httpd.conf (ServerName is always 104), let alone the various mod_jk.conf or workers.properties or server.xml of Tomcat (so much so that, as I said, typing in the browser the local address all still works)!
...what could possibly have happened?
It sounds like your firewall is port forwarding port 80 to the private IP of the printer, rather than the apache server. The fact that you're getting the printer means the problem is not related to the apache or tomcat configuration.
Something new happened so I think Apache or Tomcat conf is related.
I restarted the router: at first, typing in the browser "http:// publicIP/appName", all was working, after several minutes, typing the app address, it asks me if i wanna download a (unspecified) file and accessing directly to Apache (typing "http:// publicIP") it answers "It works"!
Accessing to "http:// localhost/appName" anytime all works fine!
I restarted the router for a second time: accessing to "http:// publicIP/appName", error message "File not found" and typing "http:// publicIP", it asks me the pw to access to an IPcam! I thinked: "It's trivial! if it aims for the IPcam... it can't find my app!" ("http:// localhost/appName" ever all fine, of course!)
But no: i restarted for a third! Maybe all ok for several minutes and after: "http://publicIP/appName" returns still a "File not found" message but "http://publicIP" tells me "It works!"...!!!
Maybe the connector (or the connector configuration) bears some responsibility for this whole mess?
If my suspicious can have some substance I add the code.
I've a basic manual configuration:
at the end of httpd.conf
include "C:/Program Files/apache-tomcat-8.0.23/conf/jk/mod_jk.conf"
in mod_jk.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile "C:/Program Files/apache-tomcat-8.0.23/conf/jk/workers.properties"
(JkLogFile, JkLogLevel, JkLogStampFormat, JkOptions, JkRequestLogFormat are also set)
JkMount /appName ajp13
JkMount /appName/* ajp13
in workers.properties:
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=10009
worker.ajp13.lbfactor=50
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300
and finally, in server.xml:
Connector port="10009" protocol="AJP/1.3" redirectPort="8443" enableLookups="false" /
thank you!
PS - I have another suspicious too: the IPcam remote monitor works on port 80... there may be some relationship? (but that don't explain the download request...)

I am trying to forward my apache logs to rsyslog then to splunk

I am trying to make all of my apache and drush logs forward to my Splunk server via rsyslog.
First, in my /etc/httpd/conf/httpd.conf file I change the entry:
ErrorLog var/log/httpd/error_log
to:
ErrorLog syslog:local1
as described at: http://wiki.rsyslog.com/index.php/Working_Apache_and_Rsyslog_configuration
Then in /etc/rsyslog.conf, I add:
# Save apache messages to apache.log
local1.* /var/log/apache.log
to have the logs prefixed with local1. to the local file /var/log/apache.log
and then:
local1.* ##splunk.myserver.com:8002
where my splunk server is set to listen for tcp connections on port 8002.
I haven't made an attempt at drush yet. The problem is that apache is logging fine to the previous setting to log to /var/log/httpd/error_log, but after I make my changes nothing goes to /var/log/apache.log or to my splunk server.
I restart both rsyslog and apache after making my changes to conf files.
I met the same thing
I fix it follow this: 1 make a error log, like access http://192.168.1.10/sadaf.php. Then to see the /var/error.log have it?
If have it, I test splunk server use port 514,and the sourcetype use syslog.
You can try it.

How to use environment variables in apache vhost

I have a environment variable called DISTANT_APP_ADDR:
$ echo $DISTANT_APP_ADDR
$ 172.17.0.102
I want to use this variable in my vhost, so I've added in the /etc/apache2/envvars file :
export DISTANT_APP_ADDR=${DISTANT_APP_ADDR}
In my vhost :
FastCgiExternalServer /var/www/cgi-bin/php5.external -host ${DISTANT_APP_ADDR}:9000
But when I restart apache, I've the error :
$ service apache2 restart
$ FastCgiExternalServer /var/www/cgi-bin/php5.external: failed to resolve "" to exactly one IP address
By replacing ${DISTANT_APP_ADDR} in the envvars file with the real value it's working.
I've also to to put a PassEnv DISTANT_APP_ADDR in my vhost file, but the result is the same.
How can I pass my env vars to my vhost file ?
export DISTANT_APP_ADDR=${DISTANT_APP_ADDR}
is nonsense. It does nothing if DISTANT_APP_ADDR is already set, and if it isn't set -- how does it know what to set?
You don't WANT the start script pulling your environment variable either. Suppose you, or someone else, does an apachectl restart one time, and you've forgotten you changed your env variable for some reason, 30 minutes ago. This is an administrator's nightmare - your web app "suddenly" stops working, but there's no change to any config file. It will be very very difficult to find out what went wrong.
So, by all means, set the DISTANT_APP_ADDR to something constant. Or use the SetEnv directive in httpd.conf or in some vhost config file. But never make a server service dependent on the environment the user happened to have when he started the service. (And when your system boots up, and apache gets started, the startup code doesn't know you're setting the variable in your .profile anyway).
If you really really want to shoot yourself in your foot, add
echo "DISTANT_APP_ADDR='$DISTANT_APP_ADDR'" > /tmp/apachefile
to the end of your .profile, and include that file into your envvars file.

Internal Error 500 Apache, but nothing in the logs?

I'm getting 500 Internal Server errors when I try to make an HTTP POST to a specific address in my app. I've looked into the server logs in the custom log directory specified in the virtual hosts file, but the error doesn't show up there so debugging this has been a pain in the ass.
How do I cause Apache to log Internal 500 errors into the error log?
This is an Ancient answer from 2013, back when PHP was new and security wasn't an issue:
Here in the future it's a security risk to dump errors to screen like this. You better not be doing this in any production setting.
Why are the 500 Internal Server Errors not being logged into your apache error logs?
The errors that cause your 500 Internal Server Error are coming from a PHP module. By default, PHP does NOT log these errors. Reason being you want web requests go as fast as physically possible and it's a security hazard to log errors to screen where attackers can observe them.
These instructions to enable Internal Server Error Logging are for Ubuntu 12.10 with PHP 5.3.10 and Apache/2.2.22.
Make sure PHP logging is turned on:
Locate your php.ini file:
el#apollo:~$ locate php.ini
/etc/php5/apache2/php.ini
Edit that file as root:
sudo vi /etc/php5/apache2/php.ini
Find this line in php.ini:
display_errors = Off
Change the above line to this:
display_errors = On
Lower down in the file you'll see this:
;display_startup_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
;error_reporting
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
The semicolons are comments, that means the lines don't take effect. Change those lines so they look like this:
display_startup_errors = On
; Default Value: Off
; Development Value: On
; Production Value: Off
error_reporting = E_ALL
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
What this communicates to PHP is that we want to log all these errors. Warning, there will be a large performance hit, so you don't want this enabled on production because logging takes work and work takes time, time costs money.
Restarting PHP and Apache should apply the change.
Do what you did to cause the 500 Internal Server error again, and check the log:
tail -f /var/log/apache2/error.log
You should see the 500 error at the end, something like this:
[Wed Dec 11 01:00:40 2013] [error] [client 192.168.11.11] PHP Fatal error:
Call to undefined function Foobar\\byob\\penguin\\alert() in /yourproject/
your_src/symfony/Controller/MessedUpController.php on line 249
I just ran into this and it was due to a mod_authnz_ldap misconfiguration in my .htaccess file. Absolutely nothing was being logged, but I kept getting a 500 error.
If you run into this particular issue, you can change the log level of mod_authnz_ldap like so:
LogLevel warn authnz_ldap_module:debug
That will use a log level of debug for mod_authnz_ldap but warn for everything else (https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel).
Check your php error log which might be a separate file from your apache error log.
Find it by going to phpinfo() and check for error_log attribute.
If it is not set. Set it: https://stackoverflow.com/a/12835262/445131
Maybe your post_max_size is too small for what you're trying to post, or one of the other max memory settings is too low.
If your Internal Server Error information doesn't show up in log files, you probably need to restart the Apache service.
I've found that Apache 2.4 (at least on Windows platform) tends to stubbornly refuse to flush log files—instead, logged data remains in memory for quite a while. It's a good idea from the performance point of view but it can be confusing when developing.
Please Note: The original poster was not specifically asking about PHP. All the php centric answers make large assumptions not relevant to the actual question.
The default error log as opposed to the scripts error logs usually has the (more) specific error. often it will be permissions denied or even an interpreter that can't be found.
This means the fault almost always lies with your script. e.g you uploaded a perl script but didnt give it execute permissions? or perhaps it was corrupted in a linux environment if you write the script in windows and then upload it to the server without the line endings being converted you will get this error.
in perl if you forget
print "content-type: text/html\r\n\r\n";
you will get this error
There are many reasons for it. so please first check your error log and then provide some more information.
The default error log is often in /var/log/httpd/error_log or /var/log/apache2/error.log.
The reason you look at the default error logs (as indicated above) is because errors don't always get posted into the custom error log as defined in the virtual host.
Assumes linux and not necessarily perl
The answers by #eric-leschinski is correct.
But there is another case if your Server API is FPM/FastCGI (Default on Centos 8 or you can check use phpinfo() function)
In this case:
Run phpinfo() in a php file;
Looking for Loaded Configuration File param to see where is config file for your PHP.
Edit config file like #eric-leschinski 's answer.
Check Server API param.
If your server only use apache handle API -> restart apache.
If your server use php-fpm you must restart php-fpm service
systemctl restart php-fpm
Check the log file in php-fpm log folder. eg /var/log/php-fpm/www-error.log
Please check if you are disable error reporting somewhere in your code.
There was a place in my code where I have disabled it, so I added the debug code after it:
require_once("inc/req.php"); <-- Error reporting is disabled here
// overwrite it
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Add HttpProtocolOptions Unsafe to your apache config file and restart the apache server. It shows the error details.
In my case it was the ErrorLog directive in httpd.conf. Just accidently noticed it already after I gave up. Decided to share the discovery )
Now I know where to find the 500-errors.
Check that the version of php you're running matches your codebase. For example, your local environment may be running php 5.4 (and things run fine) and maybe you're testing your code on a new machine that has php 5.3 installed. If you are using 5.4 syntax such as [] for array() then you'll get the situation you described above.
Try accessing a static file. If this is not working either then
go to all directories from the root "/" or "c:\" to the directory of your file and check if they contain ".htaccess" files.
I once left a file in "c:\" and it had the most strange results.

Apache: Multiple log files?

What are the access.log.* files?
Apache, I believe, does log rotation. So these would be the older log files with the access.log file being the current one.
Apache / apache2 itself doesn't do its own log rotation. On *nix systems, logs (including logs by Apache) are usually rotated via logrotate, a command which looks like a service but is actually only a script triggered by cron in defined intervals. (#nobody already pointed that out in comments). One default logrotate configuration appends ".1" to an older, rotated log, so a file like access.log.1 would end up in your logs directory. This is what you are probably seeing.
Is it possible to have apache log to multiple log files?
The question's title can be ambiguous. For anyone coming here to learn if it is possible to make Apache write to multiple log files simultaneously, the answer is: Yes.
The TransferLog or CustomLog directives are used to define logfiles. These directives can be repeated to make Apache write to more than one log file. This also works for VHOSTS / Virtual Host entris. Only ancient Apache releases were limited to only one logfile per server configuration.