###########################################################################

# Configuration file for http filter

###########################################################################

Title = "httpd"

# Which logfile group...

LogFile = http

# Define the log file format

#

# This is now the same as the LogFormat parameter in the configuration file

# for httpd.  Multiple instances of declared LogFormats in the httpd

# configuration file can be declared here by concatenating them with the

# '|' character.  The default, shown below, includes the Combined Log Format,

# the Common Log Format, and the default SSL log format.

#$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# The following is supported for backwards compatibility, but deprecated:

# Define the log file format

#

#   the only currently supported fields are:

#			client_ip

#			request

#			http_rc

#			bytes_transfered

#			agent

#

#$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"

#$HTTP_FORMAT = "space     space space    brace    quote   space        space       quote   quote"

# Define the field formats

#

#   the only currently supported formats are:

#			space = space delimited field

#			quote = quoted ("..") space delimited field

#			brace = braced ([..]) space delimited field

# Flag to ignore 4xx and 5xx error messages as possible hack attempts

#

# Set flag to 1 to enable ignore

# or set to 0 to disable

$HTTP_IGNORE_ERROR_HACKS = 0

# Ignore requests

# Note - will not do ANY processing, counts, etc... just skip it and go to

# the next entry in the log file.

# Note - The match will be case insensitive; e.g. /model/ == /MoDel/

# Examples:

# 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits

#   $HTTP_IGNORE_URLS = ^/model/\d{1,10}$

#

# 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and

#   all URLS starting with /photographer and ending with 1 to 10 digits

#   $HTTP_IGNORE_URLS = ^/model/\d{1,10}$|^/photographer/\d{1,10}$

#   or simply:

#   $HTTP_IGNORE_URLS = ^/(model|photographer)/\d{1,10}$

# To ignore a range of IP addresses completely from the log analysis,

# set $HTTP_IGNORE_IPS. For example, to ignore all local IP addresses:

#

#   $HTTP_IGNORE_IPS = ^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\.

#

# For more sophisticated ignore rules, you can define HTTP_IGNORE_EVAL

# to an arbitrary chunk of code.

# The default is not to filter anything:

$HTTP_IGNORE_EVAL = 0

# Example:

# $HTTP_IGNORE_EVAL = "($field{http_rc} == 401) && ($field{client_ip}=~/^192\.168\./) && ($field{url}=~m%^/protected1/%)"

# See the "scripts/services/http" script for other variables that can be tested.

# The variable $HTTP_USER_DISPLAY defines which user accesses are displayed.

# The default is not to display user accesses:

$HTTP_USER_DISPLAY = 0

# To display access failures:

# $HTTP_USER_DISPLAY = "$field{http_rc} >= 400"

# To display all user accesses except "Unauthorized":

# $HTTP_USER_DISPLAY = "$field{http_rc} != 401"

# To raise the needed level of detail for one or more specific

# error codes to display a summary instead of listing each

# occurrence, set a variable like the following ones:

# Raise 403 codes to detail level High

#$http_rc_detail_rep_403 = 10

# Always show only summary for 404 codes

#$http_rc_detail_rep_404 = 20

# vi: shiftwidth=3 tabstop=3 et