Don't log certain requests in Apache access.log - apache

I recently replaced Google Analytics by the self-hosted analytics tool Piwik.
This means that every time someone connects my website http://www.mywebsite.com, a Javascript tracking code is executed on the client, that calls my Piwik server http://www.mywebsite.com/piwik/piwik.php
Result:
on my server's Apache access.log, there is a line about http://www.mywebsite.com, that's normal
in my Piwik database, an information is stored about this visit, this is normal
on my server's Apache access.log, there is a line about the fact my Piwik server received a tracking request (executed by client with JS)
The logging part 3. is clearly too much!
From now, since Piwik in installed, my access.log is double sized!
How to remove the fact that Apache logs in access.log the connection to http://www.mywebsite.com/piwik/piwik.php ? i.e. client JS tracking code <--> Piwik server ?

The solution is to disable logging of certain requests (for example in
/etc/apache2/sites-available/000-default.conf with Debian 8):
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot /home/www/mywebsite
...
SetEnvIf Request_URI "^/piwik(.*)$" dontlog
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined env=!dontlog
</VirtualHost>

The Apache manual contains a section on conditional logging
https://httpd.apache.org/docs/2.4/logs.html
What you need to do is set an environment variable when a condition is met (path is piwik/piwik.php)? Then you can use that environment variable in the apache log file configuration.

Disabling your tracking logs in Apache log file is not the best idea. If your Piwik will crash for some reason or your tracking will not work for some period of time (eg. over the weekend) you will loose your data.
Apache logs can save you here, you can then replay your traffic using LogAnalytics: http://piwik.org/log-analytics/#logfile
It is better to have reasonable log file storing policy then removing data from your log.

Related

Apache as a proxy for multiple nginx servers

I'm starting from the bitnami jenkins stack. Everything is working perfectly with jenkins.
http://sample:8080/jenkins (works fine)
I'm trying to add additional directories to apache to proxy to nginx:
http://sample:8080/other_tool
I can get to the other_tool homepage, but references to that other tool break down because they are looking for http://sample:8080/relative_url rather than http://sample:8080/other_tool/relative_url
I can pull config settings from the necessary files as needed, but it is on an air-gapped network so wholesale posting would be a challenge
The apache conf looks like:
<Directory /other_tool>
ProxyPass http://localhost:9999
ProxyPassReverse http://localhost:9999
</Directory>
The nginx configuration is a standard "/" with root directory. I'm not as familiar with nginx so I can't recall the exact information off the top of my head. If needed I will provide it.
I could try to switch the jenkins hosting over to nginx, but I'm not sure that simplifies anything.
I can't open more ports on the machine. I can't use a subdomain as that would require additional DNS entries that I do not control.
Ideas or suggestions?

HTML 500 error page for .htaccess errors

I know what HTML 500 errors are and I know how to research solving them,
I run a server with apache 2 and admin control is through cPanel and WHM.
What I am looking for is some guidance on how to feed back a useful and informative HTML 500 error page to the end user, after it has occurred on my website.
I have read: PHP: 500 Error to error page
and https://ux.stackexchange.com/questions/15955/how-to-create-a-useful-500-internal-server-error-page
but these don't seem to be what I'm looking for, for example http://www.smashingmagazine.com/2011/05/27/getting-started-with-defensive-web-design/ (referenced from one of the above links) tells me how to design the art work for the 500 error page but no indication as to how to deploy this page when the error occurs.
My most common point of the rare times I do have a few moments of HTML 500 errors, is with errors in the .htaccess file, for the website, this website may only be down for a few minutes but with ~50k visitors a month, this down time, even if momentary, will be seen by dozens of people and really should be presented well, nicely, informative and not the current standard which is:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I have a server error page for 500 errors already set up and created and loadable in my server admin (cPanel), but the error page example (above) claims not to be able to find it, I also have an errorDocument handle in .htaccess which directs to this same page.
So my question is:
What processes do I need to set up to deploy a coherent and informative error 500 page when I get these errors?
specifically when I have .htaccess errors
I have a feeling that due to the nature of the error (server) it means that error pages can not be deployed from the same server as the error occurs, so the server can not work asynchronously?
Does the above mean that HTML 500 errors are only really deployable from multi-server situations or CDNs?
I have a feeling that due to the nature of the error (server) it means that error pages can not be deployed from the same server as the error occurs, so the server can not work asynchronously?
Does the above mean that HTML 500 errors are only really deployable from multi-server situations or CDNs?
I'd say they are only reliably deployable from a multi-server configuration.
The math is really simple:
An error page is itself a request to the server.
If the server is unable to complete requests due to misconfiguration or faulty code, there is no way to guarantee that the same will not happen to an error page.
But ultimately, it depends on your config.
If, for example, you make a mistake in a .htaccess file in some subfolder, causing infinite recursion, the error page will load just fine, provided it is not served from that directory.
If, however, you cause infinite redirection on all URLs, then the request to the error document will be affected by this too, which is precisely what happens when the server tells you:
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
This is like reporting a bug reporter bug - depending on its severity, this might or might not be possible.
If there is another server with a separate configuration, it will not be affected by the failures of server 1.
It doesn't need to be a physical server, simply launching a second web server will do as long as
one acts as a proxy or load balancer for the other
that proxy is configured to redirect responses from the other server with status code 500
that proxy is itself not misconfigured
For apache, using mod_proxy_balancer, such a configuration could look like
<VirtualHost *:80>
ServerName 127.0.0.1
DocumentRoot /var/www/errorpages/
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias *.example.com
ServerAlias example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / balancer://whatever/
ProxyPassReverse / balancer://whatever/
<Proxy balancer://whatever/>
ProxySet failonstatus=500
BalancerMember http://127.0.0.1:42 retry=1
BalancerMember http://127.0.0.1:80 status=+H
</Proxy>
</VirtualHost>
This server would need to be started on port 80, and would pass all incoming requests to port 42 (hence the other server would need to listen to port 42, advisably only on 127.0.0.1). If any of the responses returned by the server running on port 42 were to have a status code of 500, the server on port 80 would resend the request to port 80 on 127.0.0.1, thus passing the request to itself, but with a different Host header, so that it wouldn't hit the load balancer again.

Can you disable apache logs for a single site using htaccess or in the Virtual Host settings?

I'm working on a web site where the client doesn't want ANY logging on the site for privacy reasons. The site will be hosted on the same Apache Web Server as a number of other websites which is why I can just turn logging off in Apache. Is there some way to disable logging for an individual site using htaccess rules or by adding something to the VirtualHost settings?
The options seem to be
Sending to /dev/null on *nix or C:/nul on Windows (see here)
Removing the base logging directives and duplicating them in each vhost (so there is no logging on for vhosts by default)
Seems like there should be some better way to do this, but that's what I've found.
Yes, just comment out (using a '#') the ErrorLog and CustomLog entries in the httpd conf for your virtual host.
http://www.mydigitallife.info/how-to-disable-and-turn-off-apache-httpd-access-and-error-log/
I achieve this by making the logging dependent on a non-existing environment variable. So in the VirtualHost you can have:
CustomLog /var/log/httpd/my_access_log combined env=DISABLED
and so long as there is no environment variable called DISABLED then you'll get no logs.
I actually arrived here looking for a neater solution but this works without having to change the global httpd.conf.
Edit: removed reference to .htaccess because CustomLog only applies in the global config or in the virtual host config as pointed out by #Basj

How do I configure Apache to forward some URLs to my servlet container regardless if the file exists

How do I configure Apache to forward a URLa of a certain extension, say *.htm to my Servlet container, in this case, Resin, without first checking for the file's existence.
Currently, if Apache can not find the requested file in the directory structure, it serves a 404, even though my web.xml Servlet mapping would handle the request if forwarded.
I've temporarily resorted to placing an empty file matching the requested file within my web structure (i.e. c:/dir/dir/index.htm) so that Apache forwards the request.
Resin's Apache configuration is a bit different than Tomcat's (below), however the problem seems to exist entirely within Apache since the request never makes it to Resin.
Help would be greatly appreciated.
LoadModule caucho_module c:/resin-pro/win32/apache-2.0/mod_caucho.dll
NameVirtualHost *
<VirtualHost *>
ServerName sub.domain.com
DocumentRoot c:/web
ResinConfigServer sub.domain.com 6802
</VirtualHost>
You need to read How the Plugins Dispatch to Resin and explicitly configure the URLs you want to be handled by Resin to be forwarded to Resin:
mod_caucho discovers its configuration by contacting the ResinConfigServer specified
in the httpd.conf or resin.ini. The ResinConfigServer can be any Resin server. When a
user requests a URL, mod_caucho uses the configuration it has determined from the
ResinConfigServer to determine whether Resin or Apache should handle the request.
That decision is based on the configuration in the ResinConfigServer's resin.conf.
This means if you want certain URLs to be handled by Resin, you need to configure it this way in your resin.conf.

Apache: Multiple log files?

What are the access.log.* files?
Apache, I believe, does log rotation. So these would be the older log files with the access.log file being the current one.
Apache / apache2 itself doesn't do its own log rotation. On *nix systems, logs (including logs by Apache) are usually rotated via logrotate, a command which looks like a service but is actually only a script triggered by cron in defined intervals. (#nobody already pointed that out in comments). One default logrotate configuration appends ".1" to an older, rotated log, so a file like access.log.1 would end up in your logs directory. This is what you are probably seeing.
Is it possible to have apache log to multiple log files?
The question's title can be ambiguous. For anyone coming here to learn if it is possible to make Apache write to multiple log files simultaneously, the answer is: Yes.
The TransferLog or CustomLog directives are used to define logfiles. These directives can be repeated to make Apache write to more than one log file. This also works for VHOSTS / Virtual Host entris. Only ancient Apache releases were limited to only one logfile per server configuration.