|
Packit |
57988d |
###########################################################################
|
|
Packit |
57988d |
# Configuration file for http filter
|
|
Packit |
57988d |
###########################################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
Title = "httpd"
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Which logfile group...
|
|
Packit |
57988d |
LogFile = http
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Define the log file format
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# This is now the same as the LogFormat parameter in the configuration file
|
|
Packit |
57988d |
# for httpd. Multiple instances of declared LogFormats in the httpd
|
|
Packit |
57988d |
# configuration file can be declared here by concatenating them with the
|
|
Packit |
57988d |
# '|' character. The default, shown below, includes the Combined Log Format,
|
|
Packit |
57988d |
# the Common Log Format, and the default SSL log format.
|
|
Packit |
57988d |
#$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# The following is supported for backwards compatibility, but deprecated:
|
|
Packit |
57988d |
# Define the log file format
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# the only currently supported fields are:
|
|
Packit |
57988d |
# client_ip
|
|
Packit |
57988d |
# request
|
|
Packit |
57988d |
# http_rc
|
|
Packit |
57988d |
# bytes_transfered
|
|
Packit |
57988d |
# agent
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
#$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"
|
|
Packit |
57988d |
#$HTTP_FORMAT = "space space space brace quote space space quote quote"
|
|
Packit |
57988d |
# Define the field formats
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# the only currently supported formats are:
|
|
Packit |
57988d |
# space = space delimited field
|
|
Packit |
57988d |
# quote = quoted ("..") space delimited field
|
|
Packit |
57988d |
# brace = braced ([..]) space delimited field
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Flag to ignore 4xx and 5xx error messages as possible hack attempts
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Set flag to 1 to enable ignore
|
|
Packit |
57988d |
# or set to 0 to disable
|
|
Packit |
57988d |
$HTTP_IGNORE_ERROR_HACKS = 0
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Ignore requests
|
|
Packit |
57988d |
# Note - will not do ANY processing, counts, etc... just skip it and go to
|
|
Packit |
57988d |
# the next entry in the log file.
|
|
Packit |
57988d |
# Note - The match will be case insensitive; e.g. /model/ == /MoDel/
|
|
Packit |
57988d |
# Examples:
|
|
Packit |
57988d |
# 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits
|
|
Packit |
57988d |
# $HTTP_IGNORE_URLS = ^/model/\d{1,10}$
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and
|
|
Packit |
57988d |
# all URLS starting with /photographer and ending with 1 to 10 digits
|
|
Packit |
57988d |
# $HTTP_IGNORE_URLS = ^/model/\d{1,10}$|^/photographer/\d{1,10}$
|
|
Packit |
57988d |
# or simply:
|
|
Packit |
57988d |
# $HTTP_IGNORE_URLS = ^/(model|photographer)/\d{1,10}$
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# To ignore a range of IP addresses completely from the log analysis,
|
|
Packit |
57988d |
# set $HTTP_IGNORE_IPS. For example, to ignore all local IP addresses:
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# $HTTP_IGNORE_IPS = ^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# For more sophisticated ignore rules, you can define HTTP_IGNORE_EVAL
|
|
Packit |
57988d |
# to an arbitrary chunk of code.
|
|
Packit |
57988d |
# The default is not to filter anything:
|
|
Packit |
57988d |
$HTTP_IGNORE_EVAL = 0
|
|
Packit |
57988d |
# Example:
|
|
Packit |
57988d |
# $HTTP_IGNORE_EVAL = "($field{http_rc} == 401) && ($field{client_ip}=~/^192\.168\./) && ($field{url}=~m%^/protected1/%)"
|
|
Packit |
57988d |
# See the "scripts/services/http" script for other variables that can be tested.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# The variable $HTTP_USER_DISPLAY defines which user accesses are displayed.
|
|
Packit |
57988d |
# The default is not to display user accesses:
|
|
Packit |
57988d |
$HTTP_USER_DISPLAY = 0
|
|
Packit |
57988d |
# To display access failures:
|
|
Packit |
57988d |
# $HTTP_USER_DISPLAY = "$field{http_rc} >= 400"
|
|
Packit |
57988d |
# To display all user accesses except "Unauthorized":
|
|
Packit |
57988d |
# $HTTP_USER_DISPLAY = "$field{http_rc} != 401"
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# To raise the needed level of detail for one or more specific
|
|
Packit |
57988d |
# error codes to display a summary instead of listing each
|
|
Packit |
57988d |
# occurrence, set a variable like the following ones:
|
|
Packit |
57988d |
# Raise 403 codes to detail level High
|
|
Packit |
57988d |
#$http_rc_detail_rep_403 = 10
|
|
Packit |
57988d |
# Always show only summary for 404 codes
|
|
Packit |
57988d |
#$http_rc_detail_rep_404 = 20
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# vi: shiftwidth=3 tabstop=3 et
|