Apache virtual hosts - logging outgoing traffic

Posted on 2012-09-07
Last Modified: 2012-09-20
Let's consider an Apache web server which hosts dozens of named virtual hosts.

Is it possible somehow to log outgoing traffic?
The requirement is to have the virtual host name logged.

I need that for security reasons, for example hacked PHP/system cron or
modified PHP code of applications.

A possible solution would be to use the iptables firewall with the Owner match extension.
Question by: marianhe

    Accepted Solution

    > Is it possible somehow to log outgoing traffic?
    if you really mean "somehow", then yes, for example by using mod_security

    if you mean "all", then the answer is no, 'cause apache can only control what's passed to it
    also if you suspect hacked scripts (PHP and such), then apache won't help either 'cause these scripts may connect to outside directly
    best is to use your firewall (iptables) to do it

    but stop: do you really mean to log everything? I doubt it, 'cause that would simply crash your system due to limited space very shortly.
    if you expect hacked PHP files, then you better disable PHP until you fixed the problem
    if you expect a hacked system (cron etc.) you better disconnect the system from any network until you fixed the problem
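
The firewall approach this answer recommends, using the Owner match the question mentions, as an added example that is not part of the original thread. It assumes each virtual host's code runs under its own system user (for instance via suEXEC, mpm-itk or per-user PHP-FPM pools), because with one shared Apache user the owner match cannot tell hosts apart; the chain name, rate limit and sample host and user names are constructed.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands that log NEW outbound
# connections per virtual host via the owner match.
# Assumption: every vhost's code runs under its own system user.
# stdin: one "<vhost-name> <system-user>" pair per line; '#' lines are ignored.

CHAIN=VHOST_OUT   # hypothetical chain name
RATE=10/min       # cap on log lines per vhost, so logging cannot fill the disk
BURST=20

vhost_egress_rules() {
    echo "iptables -N $CHAIN"
    # Loopback connections (local database, caches) are not outgoing traffic.
    echo "iptables -A $CHAIN -o lo -j RETURN"
    while read -r vhost user _; do
        case "$vhost" in ''|'#'*) continue ;; esac
        # The names end up inside shell commands: accept a strict charset only.
        case "$vhost$user" in
            *[!A-Za-z0-9._-]*) echo "skipped (bad characters): $vhost" >&2; continue ;;
        esac
        if [ -z "$user" ]; then
            echo "skipped (no user): $vhost" >&2; continue
        fi
        prefix="out $vhost "
        # --log-prefix holds at most 29 characters; fall back to the user name.
        if [ "${#prefix}" -gt 29 ]; then prefix="out u:$user "; fi
        if [ "${#prefix}" -gt 29 ]; then
            echo "skipped (prefix too long): $vhost" >&2; continue
        fi
        echo "iptables -A $CHAIN -m owner --uid-owner $user" \
             "-m limit --limit $RATE --limit-burst $BURST" \
             "-j LOG --log-prefix \"$prefix\" --log-uid"
    done
    # Hook the chain in last, once it is complete; only new connections enter.
    echo "iptables -A OUTPUT -m conntrack --ctstate NEW -j $CHAIN"
}

# Constructed sample mapping (names are placeholders, not from the thread).
sample_map() {
    cat <<'EOF'
# vhost                                 user
shop.example.com                        shopuser
intranet-reports.customer.example.org   reports
bad;name.example.com                    www3
EOF
}
```

Review the printed commands before running them as root, for example from `sample_map | vhost_egress_rules`. Matching connections then appear in the kernel log with the vhost prefix and a `UID=` field.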

    Expert Comment

    If what you are referring to is Apache outgoing traffic, then each Virtual Host can have its own separate log files.

    You need to be able to access the http.conf file and in each virtual host add "custom log" lines.

    For instance:

    CustomLog /site_logs/vhostname_access.log combined
    ErrorLog   /site_logs/vhostname_error.log

    Obviously you should change the path and filenames to suit your environment.

    These log files will become quite large over time (depending on how busy the server is) and you should rotate the log files for each virtual host at least monthly, if not more.

    For more detailed explanations see:

    If you are looking at "system" related traffic - not handled by Apache (bearing in mind that Apache will handle PHP in almost all cases) - then that is different. Here you would need to set up a "syslog" server instance, and then create a number of MRTG and IPTABLES rules.

    The best solution if you are not familiar with running a web facing server would be to install a Hosting Management system (for Linux, CPanel is popular).

    Author Comment

    Your first part of the post is irrelevant.
    I emphasized word "OUTGOING". Apache logs are for incoming traffic.

    Expert Comment

    Apache logs include the outgoing transfer in response to the incoming request.

    Typically these are used in the hosting environment to measure and control bandwidth and resource usage on a server. You can also use the CustomLog directive to separate "incoming" and "outgoing" traffic into different logs - and if required include the virtual host name. The amount of detail in the Apache log files is up to you, and reading the Apache documentation will certainly help you with that. There are also a couple of Apache modules that can be used to include additional transport layer information.

    Although you have not mentioned explicitly that you are using Linux, it's assumed here, and there are a great number of Open Source tools available to log activity on a Linux server; CSF is one that immediately comes to mind.
