Apache Server configuration support

Author

Logging Dir Access

Ridge Burner

2006-02-22, 6:08 pm

I am looking for a way to log any/all access to a specific directory. I have
a sub-directory in a password protected site, which has htaccess rules to
only allow specific users to access it:

<snip>
RewriteEngine on
RewriteCond %{REMOTE_USER} !^joey$
RewriteCond %{REMOTE_USER} !^billy$
RewriteRule !thumbnail\.jpg$ http://mydomain.com [R,L]
</snip>

This works fine for the most part, and the user is bumped back to main page
if the username is not in the 'list'. But, someone has been able to get
around this, and I would like to track down who the user is and what their
IP is. I do not have access to the server logs, but I understand that I can
create a custom log for something of this nature.

I want to log all access attempts to all files in the directory except for
the one that is allowed (see snippet).
I want to record the IP, username and time.

I'm not looking for 'freebies', but some advice on what I should research
before setting this up myself.
Any help would be greatly appreciated!

--Ridge

Robert Ionescu

2006-02-22, 6:08 pm

Ridge Burner wrote:
> I do not have access to the server logs, but I understand that I can
> create a custom log for something of this nature.

The CustomLog directive must be defined in per-server context
(httpd.conf, -> server config, virtual host). It cannot be placed into
..htaccess files. Since you don't have access to the logs, I guess you
cannot access the httpd.conf, too?

You might forward every request (internally) to some sort of php script,
log and handle the request. But this creates some php processing while
PHP must open and read every file (fread(); etc.), sending the
appropriate HTTP-response headers and the content of the file.

If you do have access to the httpd.conf, you might set an environment
variable (i.e. mod_setenvif checking request_uri) and use the third
argument from the CustomLog directive (env=environment-variable).

--
Robert