Great Circle Associates Firewalls
(December 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: .shtml or .html that is the queston
From: "Michael H. Warfield" <mhw @ wittsend . com>
Date: Mon, 22 Dec 1997 09:06:44 -0500 (EST)
To: sandman @ unitedcouncil . org
Cc: firewalls @ GreatCircle . COM
In-reply-to: <34831514 . 65900A0D @ unitedcouncil . org> from Sandman at "Dec 1, 97 02:50:45 pm"

	Only marginally related to firewalls, but to keep it on topic, anyone
got ideas on how to subvert an http proxy into logging what he needs?
Here's my suggestion back at the server...

Sandman enscribed thusly:

>   I submitted a web page to a few search engines they are .html pages
> and its getting quit a few hits. The problem is that I want to know what
> they did a search on to find that web page. Of course we came up with
> the idea of putting a logger cgi script up to record where the hits or
> coming from. The problem is that the files are .html and for a cgi
> script to work it needs to be .shtml I thought about renaming the files
> to .shtml but then when someone try's to access link1.html  they will
> get a 404 file not found. Then I thought about placing a link to a web
> page with the logger command line in it. That would not work because it
> will report the last page it went to (link1.html) would show up and also
> http://www.unitedcouncil.org/index.shtml has a logger script so it would
> be stupid to have to loggers that would record the same info... -Any
> Ideas?

	Why go to this much trouble...  Just configure your access_log
log output from your web server for the "combined format" which includes
referer and agent on the access entry.  Then a simple script can parse
your access log and tell you were everything came from...

	For apache with the "config_log_module" compiled in, you just have
to add the following line to your httpd.conf file:

LogFormat "%h %l %u %t \"%r\" %>s %b %{referer}i \"%{user-agent}i\""

	(I'm assuming that if you got access to manipulate cgi-bin scripts
then you've got access to log files...).

>     -Sandman-
> The United Council
> http://www.unitedcouncil.org
> sandman @
 unitedcouncil .
 org

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw @
 WittsEnd .
 com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


References:
Indexed By Date Previous: Re: again & again & again -- is there really a SERVER ?
From: "Michel Lavondes" <lavondes @ tidtest . total . fr>
Next: System Auditing ...
From: sundaram @ austin . asc . slb . com
Indexed By Thread Previous: Re: .shtml or .html that is the queston
From: Dave <dkf @ zip . com . au>
Next: Re: .shtml or .html that is the queston
From: Jamie Lawrence <jal @ 42is . com>

Google
 
Search Internet Search www.greatcircle.com