Fmota Tech

Where can i find the errorlogs in ubuntu for apache httpd?

On Mon, Jul 26, 2010 at 11:24 AM, Bennett Haselton wrote:

There’s still a cryptic way for that, but I don’t know it will work or not. Create eth0:0 with IP of 192.168.1.X or some other non-public IP. Make apache listen on that IP, and DNAT/PREROUTE/WHATEVER those ipset requests to this private IP. And configure apache vhost for that IP which prints that message.

Also this way, you can block those malicious users from all services- not only apache and they can contact you if you banned them by mistake.

Do let me know if you implement successfuly (or try to do so ).

On Sat, Jul 24, 2010 at 5:40 AM, Bennett Haselton wrote:

If you want to block the IPs on all services you could use iptables along with ipset. You could also put them directly in iptables as chain rules, but as the number of IPs increases, it increases the CPU usage like hell. ipset is viable solution in that case. You just need kernel headers and (probably, I don’t remember) netfilter source to compile iptables.

At 05:29 PM 7/25/2010, Eric Covener wrote:

Yes. I have that option turned off in IE. In any case, what I’m seeing is a “403 forbidden” message from Apache and not a “friendly” one inserted by IE. Besides, when I access http:// URLs that generate a 403 error, I do see the “your ip has been banned” message as expected. It’s only for https:// URLs that it doesn’t work.

Yes. And anyway like I said I’m seeing the custom 403 error message when browsing http:// URLs. It’s only https:// URLs that give the default 403 error instead of the custom one.

-Bennett

On Sun, Jul 25, 2010 at 8:23 PM, Bennett Haselton wrote:

Sure your browser isn’t showing you “friendly error messages” for a short error document?

Did you actually search your configuration for other ErrorDocument 403 directives that might have a higher precedence?

At 05:08 PM 7/25/2010, Eric Covener wrote:

I’ve already read that page and followed the directions, and it’s not working the way the page describes it, or at least, there’s something missing. The page says: “What Directives are Allowed? — To find out what directives are allowed in what types of configuration sections, check the Context of the directive.”

That’s what I’m doing, and it does not work. The “context” for ErrorDocument says “server config, virtual host, directory, .htaccess”. I have put the line ErrorDocument 403 /banned_ip.php in the httpd.conf file, in the ssl.conf file both inside and outside the section, and in the .htaccess file, and none of those combinations are working — 403 errors in https urls are still giving the default 403 error instead of the custom one. There’s some extra step required that’s not in the documentation, at least not in that portion of it. Do you know what it is?

-Bennett

By the way, I posted this question on vworker.com (where you can post “work items” for contractors to bid on, although I more often use it to post questions and then people submit bids for telling me the answer), and someone told me the answer for $20.

The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf file has its own ErrorDocument 403 directive which matches the “/” page when the “/” page gives a 403 error, so that’s why I was getting the Apache test page. Comment out the lines in welcome.conf or replace it with a zero-byte file and you’re good. (It looks like on this machine we must have previously figured this out at some point, because welcome.conf had been renamed to welcome.conf.bak — but then something mysteriously restored the welcome.conf file, which broke it again. I assume it might have been a “yum update” which put back the welcome.conf file. Hopefully having a zero-byte file there will prevent yum updates from clobbering it.)

This still does not solve the problem of why I’m not getting the right custom 403 error when I go to https://209.160.28.154/ though… I still don’t know how to make the ErrorDocument directive apply to the https site.

-Bennett

At 05:10 PM 7/23/2010, Bennett Haselton wrote:

I’m trying to ban certain IPs from visiting my site, so that they instead see a message saying “Your IP has been banned, email me if you think this is an error.” I’ve *almost* got it working — when people visit URLs like http://209.160.28.154/index.html or http://209.160.28.154/foo-does-not-exist they see the “banned IP” message. However, the problem is that if you try to access the front page: http://209.160.28.154/ from a banned IP address, you see the “Apache Test Page for CentOS” page, instead of seeing the “banned IP” message. Anybody recognize this problem or have an idea of what could be causing it?

In my httpd.conf file, I changed “AllowOverride None” to “AllowOverride All” in both the default tag and inside the tag — I placed a modified copy of httpd.conf at: http://209.160.28.154/httpd.conf and in /var/www/html I placed a .htaccess file containing these lines: >>> ErrorDocument 403 /banned_ip.php order deny,allow deny from 71.112.32.149 >>> and restarted the server. (The page http://209.160.28.154/banned_ip.php shows the message you’re supposed to see when connecting from a banned IP. 71.112.32.149 is my home machine IP which I’ve “banned” for testing purposes.)

So like I said, that almost works, where http://209.160.28.154/index.html gives the right error message, but http://209.160.28.154/ does not. Any idea how to change is to that all URLs under http://209.160.28.154/ will give the “banned IP” message if connecting from a banned IP?

-Bennett

Hello,

please configure your mailer to wrap lines below 80 characters per line. 72 to 75 is usually OK.

Thank you.

On 08.07.10 13:40, J. Bakshi wrote:

is this in server config or in some virtualhost or directory section? Is there any section of the host you are referring to?

On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:

Are you sure you’re not seeing cached copies?

Order allow,deny Deny from all

This prevents you from opening (GET /.htaccess) those files.

If you want to prevent them from being seen in a directory listing, use “IndexIgnore”

http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore

Mark.