[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Log informations when accessing to a page

Posted on 2009-04-23
13
Medium Priority
?
179 Views
Last Modified: 2012-05-06
Hi!

My situation: I need to log access to certain pages, there is an authentication information in the url, so I wish by exemple, when I go on:

http://server/authentication_hash_here/folder1/my_file.png

That I've a file with the information "authentication_hash_here has accessed to folder1/my_file.png"

So I've made a simple .htaccess that redirect to a php script, this php script log the information and display the file.

So that works, BUT I've some problem:

Sometimes I need to generate files, by exemple, xml file, and of course my php script isn't working because he doesn't execute anything. And I think this is a security problem too.

So how can we ask to display a processed file without redirecting to it?

Or more simple: is it a way to ask to apache to:
make a little script(log script heere)
AND display the asked page

Thanks a lot!
0
Comment
Question by:Nargzul
  • 7
  • 5
13 Comments
 
LVL 2

Expert Comment

by:EliotBall
ID: 24213610
Instead of linking to the file, use another PHP file which will echo file_get_contents(file-name);
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24213772
The problem is that is something very big files(many Mo) to many clients at same times.
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24224225
> Or more simple: is it a way to ask to apache to:
> make a little script(log script heere)
> AND display the asked page

You won't need a script; just use conditional logging
# httpd.conf
 
# define request_URIs to be logged via regular expressions (may be you have that regEx already)
SetEnvIf Request_URI ^/[^/]+{15}/ speciallog
 
# define the log
CustomLog speciallog.log special env=speciallog
 
# define the log format; use the URL-path
LogFormat "%U" special

Open in new window

0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 1

Author Comment

by:Nargzul
ID: 24224328
Hum, okay, the way is pleasant.

But I don't have understand the whole thing:

-Where the "special" var is setted?
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24225020
> -Where the "special" var is setted?
LogFormat "%U" special
               ^^^^^^^^  here. That's the log format named "special"

Open in new window

0
 
LVL 1

Author Comment

by:Nargzul
ID: 24225055
Hum, so what do we put inside??? its the "special_log"?
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24225338
We're logging the URL-path (%U) into the speciallog.log.

That would be /authentication_hash_here/folder1/my_file.png
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24225368
Okay, and if we would make a different format with the url??
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24226579
You'd like to change the URL into /folder1/xy.png?hash=hfaweuirhwer as opposed to your inital posting - or what?
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24228650
In fact I wish log this with a special format, something like:

access to http://server/authentication_hash_here/folder1/my_file.png

--> Write something like "authentication_hash_here access to folder1/my_file.png"

It would be a plus ;)
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 2000 total points
ID: 24228735
Try something like below; but you'd have to adjust the regular expression (unless your hash consists of 15 characters).
# httpd.conf
 
# define request_URIs to be logged via regular expressions (may be you have that regEx already)
SetEnvIf Request_URI ^/([^/]+{15})/(.*) hash=$1 uri=$2
 
# define the log
CustomLog speciallog.log special env=hash
 
# define the log format;
LogFormat "%{hash}e access to %{uri}e" special

Open in new window

0
 
LVL 1

Author Comment

by:Nargzul
ID: 24228876
Okay excellent! I will try this tommorrow!
0
 
LVL 1

Author Closing Comment

by:Nargzul
ID: 31573687
Thanks
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month19 days, 5 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question