CustomLog Problem

Forum Moderators: phranque

Message Too Old, No Replies

CustomLog Problem

How to log authorisation error

jonbev

10:44 am on Apr 25, 2005 (gmt 0)

Hi,

I am having trouble with burte force attacks on my members section of my website. I would like to add a log file that logs only failed log on attampts.

Could anyone point me in the right direction?

Cheers

Bev

jdMorgan

8:14 pm on Apr 25, 2005 (gmt 0)

Bev,

Welcome to WebmasterWorld!

You didn't say how far you'd gotten with this, but some combination of mod_setenvif [httpd.apache.org] and mod_log_config [httpd.apache.org] may enable you to do what you want.

Jim

jonbev

8:25 pm on Apr 25, 2005 (gmt 0)

Jim,

Thanks for the reply.

I havent really got very far at all. I have seen in the Apache manual how to create a CustomLog. Also in that section they show how to log only gif files using SetEnvIf. I guess there is someway similar?

Bev

jdMorgan

10:25 pm on Apr 25, 2005 (gmt 0)

If you serve a particular error page on login failures, then essentially you are logging requests for that page. You can use a <Files> or <Location>-type container, or a SetEnvIf construct to enable/disable the custom logging, and the result will be that only those requests are logged in the custom log.

This isn't something I've done, so this is just a general hint.

Jim