Disable apache access log for openshift's app health check - apache

I realized Openshift makes health checks in my app each 2/3 seconds, generating a lot of redundant junk in the apache's log. How can i disable log from openshift's health check servers?
Thanks!

You can perform access logging conditionally, see Conditional Logs. I do not know how Openshift access can be identified, but defining an appropriate SetEnvIf should be feasible. Then, as mentioned, add the negated environment variable to your logging definition:
CustomLog logs/access_log common env=!dontlog

A more complete example will be...
SetEnvIf Request_URI "^/metrics$" skiplog
CustomLog logs/access.log combined env=!skiplog
Where your application exports metrics for Prometheus at the usual /metrics endpoint.

Related

Apache 2.2 Allow from env=_variable_

I have an Apache 2.2 set up with LDAP Authorization, which is working fantastically as expected, and have also made it so that I can bypass Authentication when accessing it locally.
Allow from localIP hostnameA hostnameB, etc...
If I curl from the server, I don't get any Auth Required. So all good and working as expected.
What I need now is to make one particular URL to also bypass authorisation.
I have tried all the usual solution of using SetEnvIf;
SetEnvIf Request_URI "^/calendar/export" bypassauth=true`
Allow from env=bypassauth IP_ADDRESS HOSTNAME_A HOSTNAME_B
But this is just not working!!
Local access is still unrestricted, but remotely it is not (no change there)
If I dump out my server environment variables on that URL's script, I can see my bypassauth variable is being passed.
I just cannot for the life of me figure out why the Allow from env=bypassauth part is not working, while it still obeys the additional directive parameters.
I also tried another suggestion, using the Location directive;
<Location /calendar/export>
Satisfy Any
Allow from all
AuthType None
SetEnv WTF 123
</Location>
Again, I can see my new environmental variable (WTF) appear on this URL (when I dumped the server envs in the script), so I know that the SetEnv and SetEnvIf directives are working.
Is there anything I'm missing (any Apache2.2 quirks?), as all the solutions I've seen so far just are not working. It's as if my Allow from changes are having no effect after restarting Apache. I'm starting to feel my sanity slip.
Is there also a particular order when writing the directives for Satisfy Any, Order allow, deny and the Auth* directives, which might be effecting this?
Finally managed to figure it out!! :)
Seems my url was being processed by mod_rewrite (my environmental variable being prefixed by REWRITE_ should have rung alarm bells), which according to this post https://stackoverflow.com/a/23094842/4800587, the mod_rewrite is performed AFTER our SetEnvIf and Allow directives.
Anyway, long story short; I used the rewritten/final URL and the Location section to bypass authentication using the Allow any directive. So I changed...
<Location "/calendar/export">
Allow from all
</Location>
to..
<Location "/calendar/index.php/export">
Allow from all
</Location>
which is the final URL (after rewrite), and now works.

Don't log certain requests in Apache access.log

I recently replaced Google Analytics by the self-hosted analytics tool Piwik.
This means that every time someone connects my website http://www.mywebsite.com, a Javascript tracking code is executed on the client, that calls my Piwik server http://www.mywebsite.com/piwik/piwik.php
Result:
on my server's Apache access.log, there is a line about http://www.mywebsite.com, that's normal
in my Piwik database, an information is stored about this visit, this is normal
on my server's Apache access.log, there is a line about the fact my Piwik server received a tracking request (executed by client with JS)
The logging part 3. is clearly too much!
From now, since Piwik in installed, my access.log is double sized!
How to remove the fact that Apache logs in access.log the connection to http://www.mywebsite.com/piwik/piwik.php ? i.e. client JS tracking code <--> Piwik server ?
The solution is to disable logging of certain requests (for example in
/etc/apache2/sites-available/000-default.conf with Debian 8):
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot /home/www/mywebsite
...
SetEnvIf Request_URI "^/piwik(.*)$" dontlog
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined env=!dontlog
</VirtualHost>
The Apache manual contains a section on conditional logging
https://httpd.apache.org/docs/2.4/logs.html
What you need to do is set an environment variable when a condition is met (path is piwik/piwik.php)? Then you can use that environment variable in the apache log file configuration.
Disabling your tracking logs in Apache log file is not the best idea. If your Piwik will crash for some reason or your tracking will not work for some period of time (eg. over the weekend) you will loose your data.
Apache logs can save you here, you can then replay your traffic using LogAnalytics: http://piwik.org/log-analytics/#logfile
It is better to have reasonable log file storing policy then removing data from your log.

Can you disable apache logs for a single site using htaccess or in the Virtual Host settings?

I'm working on a web site where the client doesn't want ANY logging on the site for privacy reasons. The site will be hosted on the same Apache Web Server as a number of other websites which is why I can just turn logging off in Apache. Is there some way to disable logging for an individual site using htaccess rules or by adding something to the VirtualHost settings?
The options seem to be
Sending to /dev/null on *nix or C:/nul on Windows (see here)
Removing the base logging directives and duplicating them in each vhost (so there is no logging on for vhosts by default)
Seems like there should be some better way to do this, but that's what I've found.
Yes, just comment out (using a '#') the ErrorLog and CustomLog entries in the httpd conf for your virtual host.
http://www.mydigitallife.info/how-to-disable-and-turn-off-apache-httpd-access-and-error-log/
I achieve this by making the logging dependent on a non-existing environment variable. So in the VirtualHost you can have:
CustomLog /var/log/httpd/my_access_log combined env=DISABLED
and so long as there is no environment variable called DISABLED then you'll get no logs.
I actually arrived here looking for a neater solution but this works without having to change the global httpd.conf.
Edit: removed reference to .htaccess because CustomLog only applies in the global config or in the virtual host config as pointed out by #Basj

Prevent (stop) Apache from logging specific AJAX / XmlHttpRequests?

I'm working on a site where the main idea is to do a lot of xmlHttpRequests in a loop (or loop like construct). But the thing is that every time I access the file on my server from the javascript it is logged in access log on the server. Over time the access log file gets so big it slows down the further requests.
Is there a way to tell the apache (I guess) not to log the access to this file if its correct? (I'm sending a get with a password (always different) to this file.)
The access to the file will be from different IPs.
I don't want to stop all the logging, just the "approved" one.
No problem. Just look at the example from Apache's documentation (a place where you might want to look, if you happen to have an apache-related question in the future).
For example:
# Mark requests for the AJAX call
SetEnvIf Request_URI "^/myajaxscript\.php.*$" dontlog
SetEnvIf Request_URI "^/myotherajaxscript\.php$" dontlog
# Log what remains
CustomLog logs/access_log common env=!dontlog

How can I force a request through mod_jk down to a specific worker?

If I have mod_jk set up with several workers and a load balancer worker, is there a request parameter or something that would allow me to force a specific http request down to a specific worker. For instance if I have a worker worker1 is there something like this:
http://www.example.com?worker=worker1
Often we need to troubleshoot problems on a specific server in the cluster and being able to force the request directly to that server is essential.
I think the common practice is to do that via subdomains which alias the main domain. Just make sure that you don't let Google index because you'll have duplicate content issues. IP filtering and a restrictive robots.txt will do the job.
www1.example.com
www2.example.com
Tweak the value of your JSESSIONID cookie. The end has the name of the worker you're stuck to (assuming you're doing sticky sessions)
Use SetHandler as described here http://tomcat.apache.org/connectors-doc/reference/apache.html instead of JKMount directives
Something like this:
<Location />
SetHandler jakarta-servlet
SetEnvIf REQUEST_URI ^/.*\?.*worker=(\w+)&?$ JK_WORKER_NAME=$1
</Location>