new box logging client hostnames instead of IPs

         

ak4life

3:43 am on Mar 12, 2011 (gmt 0)

10+ Year Member



Set up a new machine with Apache, identical setup to all the other machines I got, yet this one is logging hostnames instead of IPs.

"HostnameLookups" are "Off" and LogFormat settings are identical to all the other machines:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


Added a new LogFormat directive:

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_custom


And told the virtual hosts to use it:

CustomLog /path/to/log combined_custom


This solved the problem, though I'm at a loss as to why I've got this behavior on just this one box and none of the others. OS is Debian Lenny, same version of Apache installed via Debian package.

Any ideas what else might explain the difference in behavior?

My understanding from Apache doc (http://httpd.apache.org/docs/2.0/logs.html#accesslog) is that when "HostnameLookups" are "Off", "%h" will yield IP instead of hostname..




# apache2ctl status
...
Server Version: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with
Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g

Server Built: Dec 11 2010 21:34:00
...

# dpkg -s apache2
Package: apache2
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 100
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Architecture: all
Version: 2.2.9-10+lenny9
Depends: apache2-mpm-worker (>= 2.2.9-10+lenny9) | apache2-mpm-prefork (>= 2.2.9-10+lenny9) | apache2-mpm-event (>= 2.2.9-10+lenny9)
Description: Apache HTTP Server metapackage
The Apache Software Foundation's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy
scripting and database integration, request/response filtering, many
flexible authentication schemes, and more.
Homepage: http://httpd.apache.org/

lammert

12:17 am on Mar 14, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This is all controlled by the HostnameLookups setting in your httpd.conf file. If set to On, your logfiles will be filled with domain names, rather than IP addresses.

ak4life

12:31 am on Mar 14, 2011 (gmt 0)

10+ Year Member



That's what should happen, yes, but it's not what is happening..

As stated in OP, "HostnameLookups" are "Off"

grep HostnameLookups /etc/apache2/apache2.conf 
# HostnameLookups: Log the names of clients or just their IP addresses
HostnameLookups Off

ak4life

12:40 am on Mar 14, 2011 (gmt 0)

10+ Year Member



Also verified with /server-info to ensure there's no duplicate HostnameLookups directive picked up from somewhere..

lammert

12:45 am on Mar 14, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



There may be more than one config file on your system. On some distributions smaller .conf files are imported by the main configuration file. The HostnameLookups directive may also be used multiple times: one for the global setup, and several others for <Directory> and <VirtualHost> contexts.

ak4life

12:52 am on Mar 14, 2011 (gmt 0)

10+ Year Member



find /etc/apache2/ -type f | xargs grep -i HostnameLookups 
/etc/apache2/apache2.conf:# HostnameLookups: Log the names of clients or just their IP addresses
/etc/apache2/apache2.conf:HostnameLookups Off

ak4life

1:00 am on Mar 14, 2011 (gmt 0)

10+ Year Member



Test to confirm that /server-info would reveal duplicate directives:

# echo "HostnameLookups On" > /etc/apache2/conf.d/test.conf
# apache2ctl -t
Syntax OK
# apache2ctl restart



Now /server-info shows two HostnameLookups directives:

In file: /etc/apache2/apache2.conf
 167: HostnameLookups Off

In file: /etc/apache2/conf.d/test.conf
   1: HostnameLookups On


So, doesn't seem like duplicate HostnameLookups directives are the issue here...

ak4life

1:01 am on Mar 14, 2011 (gmt 0)

10+ Year Member



I'm really at a loss here......

lammert

1:03 am on Mar 14, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sorry, I am currently running out of ideas.

jdMorgan

12:39 am on Mar 18, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Other possibilities are that if any module uses hostname lookups, this can override HostNameLookups off.

Examples would be mod_access, mod_setenvif, and mod_rewrite. For example,

Deny from abc.cn
#
SetEnvIf Remote_Host "badguys\.tv$" get_out
#
RewriteCond %{REMOTE_HOST} pest\.com
RewriteRule ^ - [F]

Jim

ak4life

1:39 am on Mar 18, 2011 (gmt 0)

10+ Year Member



jdMorgan,

You, sir, are a genius. That was exactly it.

Specifically, the following directives:

<Directory "/path/to/dir">
Order deny,allow
Deny from all
Allow from xx.xx.xx.xx
Allow from xx.xx.xx.xx/xx
Allow from host.example.com
</Directory>


The above was causing Apache to log hostname for "host.example.com" ONLY, other hosts were logged by IP. If host.example.com is on the subnet specified previously (in the line above, for instance), it would be logged using its IP.

Hostname also had to be removed from another config:

In file: /etc/apache2/mods-enabled/status.conf
8: <Location /server-status>
10: Order deny,allow
11: Deny from all
12: Allow from localhost ip6-localhost
13: Allow from host.example.com
14: Allow from xx.xx.xx.xx
: </Location>


The bottom line though is that my concern was about the performance penalty that resolving IP of each visitor would cause. This seems to be a non-issue, because Apache was resolving the IP of just the host whose hostname was listed in the config. Not for everyone. I didn't catch this at first because it was a brand new box and I was the only one working on it. Now that more people are hitting it, I see it.

That said, it's great to have this mystery solved.

Many thanks!
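
Added example, not part of the thread: a small Python audit that flags the directive types named above (Allow/Deny from a hostname, SetEnvIf on Remote_Host, a rewrite condition on REMOTE_HOST, or HostnameLookups enabled), since any of them can put resolved names into the `%h` log field. The function names and the sample config are constructed for illustration; the sample IPs are documentation ranges.

```python
import ipaddress
import re

# Constructed sample config (not from a real server); IPs are documentation ranges.
SAMPLE_CONF = """\
HostnameLookups Off
<Directory "/path/to/dir">
Order deny,allow
Deny from all
Allow from 192.0.2.10
Allow from 198.51.100.0/24
Allow from host.example.com
</Directory>
SetEnvIf Remote_Host "badguys\\.tv$" get_out
RewriteCond %{REMOTE_HOST} pest\\.com
"""

def is_ip_spec(token):
    """True for an IP, a CIDR/netmask network, or a partial IPv4 prefix such as 10.1."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}\.?", token) is not None

def find_lookup_triggers(conf_text):
    """Return (line_number, reason) for each directive that needs the client's hostname."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        acl = re.match(r"(allow|deny)\s+from\s+(.+)", line, re.I)
        if acl:
            for token in acl.group(2).split():
                if token.lower() == "all" or token.lower().startswith("env="):
                    continue
                if not is_ip_spec(token):
                    findings.append((number, f"{acl.group(1).title()} from hostname {token}"))
        elif re.match(r"hostnamelookups\s+(on|double)\b", line, re.I):
            findings.append((number, "HostnameLookups enabled"))
        elif re.match(r"setenvif(nocase)?\s+remote_host\b", line, re.I):
            findings.append((number, "SetEnvIf on Remote_Host"))
        elif re.search(r"%\{remote_host\}", line, re.I):
            findings.append((number, "REMOTE_HOST used in a rewrite condition"))
    return findings

if __name__ == "__main__":
    for number, reason in find_lookup_triggers(SAMPLE_CONF):
        print(f"line {number}: {reason}")
```

Run it over each file under /etc/apache2/ (including mods-enabled and conf.d); logging with `%a` instead of `%h`, as in the first post, keeps the IP in the log regardless of what these directives resolve.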