# /etc/apache/conf/httpd-log.conf, v1.3 2004/07/28 TiChou
#
# Example Apache configuration for log management
# TiChou
#
# Each request is tagged with environment variables (image-request, noise,
# bad-request, connect-request, method-request, user-dir, crawler) and the
# CustomLog lines at the end route it to a per-category log. Every tagging
# rule also sets "nolog", which keeps the request out of access_log.
# full_log is unconditional and is the only complete record.

# Resolve client addresses to names. The crawler rule below matches on
# Remote_Host and so depends on this lookup.
# NOTE(review): "On" performs a reverse lookup only; the name comes from
# whoever controls the PTR record for the client address, so it is a hint,
# not an identity. %a in the log format keeps the numeric address.
HostnameLookups On

# Redefines the "combined" nickname with a custom layout: timestamp,
# Host header, resolved host, (client IP), ident, user, request line,
# status, bytes, Referer, User-Agent.
# NOTE(review): the timestamp has no year and no timezone offset, and the
# layout differs from the stock "combined" format that log analysers expect.
LogFormat "%{%b %e %H:%M:%S}t \"%{Host}i\" %h (%a) %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# Required for the RewriteCond/RewriteRule method classification below.
RewriteEngine on

# --- Image requests -> images_log ---
# NOTE(review): the extension pattern is not anchored with "$", so any URI
# containing ".gif", ".png", ... anywhere is treated as an image request
# and dropped from access_log.
SetEnvIfNoCase Request_URI \.(gif|jpe?g|png|bmp) image-request nolog
SetEnvIf Request_URI ^/graph_image\.php image-request nolog

# --- Scanner / worm noise -> noise_log ---
# These patterns appear to target probes for Windows/IIS paths and
# form-mail scripts that this server is not expected to serve.
SetEnvIfNoCase Request_URI ^/msadc/ noise nolog
SetEnvIfNoCase Request_URI ^/[cd]/ noise nolog
SetEnvIfNoCase Request_URI /(form.?mail|mail.?form).?\. noise nolog
# URL-encoded newline followed by "From:" in a name/mail field.
# NOTE(review): Request_URI is documented as excluding the query string;
# if these parameters arrive in the query string, this rule and the
# "\?/c\+" rule below may never match. Confirm against real traffic.
SetEnvIfNoCase Request_URI (name|mail)=%0AFrom%3A.*submit noise nolog
SetEnvIf Request_URI /(root\.exe|cmd\.exe|default\.ida|Admin\.dll|nsiislog\.dll|cltreq\.asp|sjdif\.exe) noise nolog
SetEnvIf Request_URI /winnt/ noise nolog
SetEnvIf Request_URI \\winnt noise nolog
SetEnvIf Request_URI /_(vti|mem)_ noise nolog
# "/..%" : start of an encoded directory-traversal sequence.
SetEnvIf Request_URI /\.\.% noise nolog
SetEnvIf Request_URI \?/c\+ noise nolog
SetEnvIf Request_URI ^/sumthin noise nolog
# \x90 injection exploit code
# NOTE(review): the regex argument of the next directive appears to be
# missing (possibly non-printable bytes lost in transcription). As written,
# "noise" is parsed as the regex and only "nolog" is set, so any URI
# containing "noise" is dropped from access_log without reaching noise_log.
# Restore the intended pattern from the original file.
SetEnvIf Request_URI noise nolog
SetEnvIf Request_URI /(admin|[c-h])%24 noise nolog

# --- Classification by request method ---
# THE_REQUEST is the full request line. "-" means no substitution; the
# rules exist only to set environment variables. nosubreq skips
# internal sub-requests.
# Request line does not start with a listed method -> badmethod_log.
# NOTE(review): the alternation is a prefix match with no trailing space,
# so a token such as "GETX" is accepted as GET.
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|PATCH|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|TRACE)
RewriteRule .* - [L,env=bad-request:1,env=nolog:1,nosubreq]
# CONNECT requests -> connect_log.
RewriteCond %{THE_REQUEST} ^CONNECT
RewriteRule .* - [L,env=connect-request:1,env=nolog:1,nosubreq]
# Listed methods other than GET and POST -> method_log. HEAD is in this
# list, so HEAD requests do not appear in access_log.
RewriteCond %{THE_REQUEST} ^(HEAD|PUT|DELETE|OPTIONS|PATCH|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|TRACE)
RewriteRule .* - [L,env=method-request:1,env=nolog:1,nosubreq]

# --- Per-user directories ("/~user", literal or with an encoded tilde) -> user_log ---
SetEnvIf Request_URI ^/~ user-dir nolog
SetEnvIf Request_URI ^/%7[eE] user-dir nolog

# --- Crawlers -> crawler_log ---
# Tagged by a robots.txt fetch or by a substring of the resolved hostname.
# The hostname match is only as trustworthy as the reverse DNS answer
# (see HostnameLookups above).
SetEnvIf Request_URI ^/robots\.txt$ crawler nolog
SetEnvIfNoCase Remote_Host crawl|search|whois|spider crawler nolog

# --- Log routing ---
# Each CustomLog starts its own piped /root/bin/splitlog process.
# NOTE(review): piped log programs are spawned by the parent httpd process
# and inherit its user, usually root. Keep the script and its directory
# writable by root only, and make sure it treats the log lines it reads
# (which contain client-supplied header values) strictly as data.
# access_log receives only requests that no rule above tagged with nolog.
CustomLog "| /root/bin/splitlog access_log" combined env=!nolog
CustomLog "| /root/bin/splitlog images_log" combined env=image-request
CustomLog "| /root/bin/splitlog noise_log" combined env=noise
CustomLog "| /root/bin/splitlog method_log" combined env=method-request
CustomLog "| /root/bin/splitlog connect_log" combined env=connect-request
CustomLog "| /root/bin/splitlog badmethod_log" combined env=bad-request
CustomLog "| /root/bin/splitlog user_log" combined env=user-dir
CustomLog "| /root/bin/splitlog crawler_log" combined env=crawler
# Unconditional: every request, whatever its tags. Use this log as the
# authoritative record for investigation; the others are filtered views.
CustomLog "| /root/bin/splitlog full_log" combined