| Author |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
 Posted: Fri 14 Jan '11 17:56 Post subject: Hostnames in the logs of Apache VC9 builds - why? |
 |
|
Question - why in the apache log writes the host names rather than IP addresses?
If using Build of apachelounge.com or apachehaus.com something in the log files that are records such as:
| Quote: | crawl-66-249-72-243.googlebot.com - - [14/Jan/2011:18:31:12 +0300] "GET /viewforum.php?f=11 HTTP/1.1" 200 10910
imparser01.yandex.ru - - [14/Jan/2011:18:37:19 +0300] "GET /images/icons/myicons/graphics.png HTTP/1.1" 304 -
95.108.129.207 - - [14/Jan/2011:18:40:48 +0300] "GET / HTTP/1.1" 200 31690
95.108.129.207 - - [14/Jan/2011:18:46:50 +0300] "GET / HTTP/1.1" 200 31686
95.108.129.207 - - [14/Jan/2011:18:52:59 +0300] "GET / HTTP/1.1" 200 31682
188.226.2.96-fttb.planeta.tc - - [15/Jan/2011:09:14:08 +0300] "GET /styles/prosilver/imageset/icon_contact_www.gif HTTP/1.1" 200 590
188.226.2.96-fttb.planeta.tc - - [15/Jan/2011:09:14:08 +0300] "GET /favicon.ico HTTP/1.1" 200 894
78.159.112.200 - - [15/Jan/2011:09:35:40 +0300] "GET /index.php HTTP/1.0" 200 41401
crawl-66-249-71-118.googlebot.com - - [15/Jan/2011:10:31:13 +0300] "GET /index.php HTTP/1.1" 200 28785 |
Sometimes, instead of IP addresses are host names, if they use Build from apache.org, are always IP addresses and host names do not happen in the logs, the question of why so?
Apache is configured not resolves the names of a record in a log IP. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
| Posted: Sat 15 Jan '11 20:35 Post subject: |
|
|
I know it, the directive established
HostnameLookups Off
problem is seen on a virtual host, all checked in the settings HostnameLookups Off indicated, but the names of the host is still there, the builds is from the site apachehaus.com or apachelounge.com
PS: can a private talk is to test, my e-mail and my fasebook on the page with my profile |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sun 16 Jan '11 15:12 Post subject: |
|
|
I do not want to do it cause I prefer hostnames, but I'll kick mine into HostnameLookup Off
It's a vc6 build but I'll monitor it today and see what I find. If it comes up with just IPs I'll drop a vc9 build on and look at it. If it then becomes like you are seeing, I'll start looking at the differences in the code between _MSC_VER <= 1200 (vc6 & under) & _MSC_VER > 1200 (vc7 & up), not that I'll know what is going on. |
|
| Back to top |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
| Posted: Sun 16 Jan '11 15:21 Post subject: |
|
|
Thank you, I see this in the Apache logs every day, build Apace VC9 from apachehaus.com or apachelounge.com.
If you roll back to VC6 it's all right (all IPs).
| Code: | 217.196.18.18 - - [17/Jan/2011:08:39:47 +0300] "GET ...." 200 894
217.196.18.18 - - [17/Jan/2011:08:40:08 +0300] "GET ....." 200 13277
217.196.18.18 - - [17/Jan/2011:08:40:13 +0300] "GET ....." 200 43
217.196.18.18 - - [17/Jan/2011:08:40:13 +0300] "GET ....." 200 70300
95.211.9.167 - - [17/Jan/2011:09:16:47 +0300] "POST ....." 200 8295
95.211.9.167 - - [17/Jan/2011:09:16:52 +0300] "GET ....." 200 33318
95.211.9.167 - - [17/Jan/2011:09:16:57 +0300] "GET ....." 200 33318
95.211.9.167 - - [17/Jan/2011:09:17:02 +0300] "GET ....." 200 33318
87-253-14-102.pppoe.yaroslavl.ru - - [17/Jan/2011:10:14:06 +0300] "POST ....." 200 18453
87-253-14-102.pppoe.yaroslavl.ru - - [17/Jan/2011:10:14:11 +0300] "POST ....." 200 6765
crawl-66-249-72-243.googlebot.com - - [17/Jan/2011:10:22:04 +0300] "GET ....." 200 18978
79-142-87-21.obit.ru - - [17/Jan/2011:12:52:32 +0300] "GET ...." 200 8581
79-142-87-21.obit.ru - - [17/Jan/2011:12:52:32 +0300] "GET ....." 200 590
79-142-87-21.obit.ru - - [17/Jan/2011:12:52:32 +0300] "GET ....." 200 894
h-131-197.cssgroup.lv - - [17/Jan/2011:13:45:02 +0300] "GET ....." 200 42175
h-131-197.cssgroup.lv - - [17/Jan/2011:13:45:14 +0300] "POST ....." 200 18533
crawl-66-249-72-243.googlebot.com - - [17/Jan/2011:13:48:03 +0300] "GET ....." 200 13116 |
I think it's from all the names in which there is an IP address or number, for example 8.test. com, and so on until no more can not imagine .. if someone tell me how to intercept IP packets coming from virtual host Apache? Thank you.
Last edited by DmitryV on Tue 18 Jan '11 11:21; edited 1 time in total |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Mon 17 Jan '11 16:14 Post subject: |
|
|
| 24 hours on VC6 build and all IPs. It is going to be a couple days before I can do it but I'll swap out with a VC9 build and test again and post my results. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Thu 20 Jan '11 2:56 Post subject: |
|
|
Hi Dmity,
At 7 hours on Apachehaus' 2.2.17 with HostnameLookup Off I'm not seeing any hostnames, all IPs. I will leave it this way for at least 24 hours. Most traffic so far has just been spiders (resolving the IPs by hand) and my own IP.
I'm seeing so far;
220.181.108.161 -> baiduspider-220-181-108-161.crawl.baidu.com
66.249.72.231 -> crawl-66-249-72-231.googlebot.com
220.181.7.52 -> baiduspider-220-181-7-52.crawl.baidu.com
220.181.108.161 - - [19/Jan/2011:10:27:57 -0800] "GET /robots.txt HTTP/1.1" 200 73
66.249.72.231 - - [19/Jan/2011:11:47:46 -0800] "GET /robots.txt HTTP/1.1" 200 33
220.181.7.52 - - [19/Jan/2011:15:12:26 -0800] "GET /robots.txt HTTP/1.1" 404 419 |
|
| Back to top |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
| Posted: Thu 20 Jan '11 10:21 Post subject: |
|
|
I have this problem on 1 of the virtual hosts, or rather to 1 out of 3, the settings are all the same, on the other 2 that there is no problem if the roll back to the VC6 build there is no problem in the logs, everything is correct (apache configuration files do not change when rollback) .
OS: Server 2008 R2 (x64) |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Thu 20 Jan '11 23:57 Post subject: |
|
|
I'd look deep into that one specific vhost and look for differences in it. I'm not saying there is, but sometimes things are subtle and hard to find.
After well over 24 hours, I have nothing but IP addresses, resolvable IP addresses. I've sanitized them some to be kind to these visitors;
65.xxx.84.254 - - [19/Jan/2011:13:23:28 -0800] "GET /favicon.ico HTTP/1.1" 200 4286
65.xxx.84.254 -> 65.xxx.84.254.ptr.us.xo.net
81.47.xxx.162 - - [20/Jan/2011:01:19:41 -0800] "GET /favicon.ico HTTP/1.1" 200 4286
81.47.xxx.162 -> 162.Red-81-47-xxx.staticIP.rima-tde.net |
|
| Back to top |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
| Posted: Fri 21 Jan '11 7:37 Post subject: |
|
|
Now upgrade to Apache 2.2.17 build from apache.org not understand what was going on, ask for help, only 1 of the 3 virtual hosts also are combined logs - IP and host names, the other is all right in the settings are correct, no I can not understand what it was before everything was OK, tell me which way and what the library to look at?
Thank you very much!
OS Server 2008 R2 SP1 |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Sun 23 Jan '11 16:49 Post subject: |
|
|
If your LogFormat is the default value: | Code: | | LogFormat "%h %l %u %t \"%r\" %>s %b" common |
the first code - %h - means:
"Log the remote hostname only if it can be learned without doing an additional name lookup on the network, otherwise log the IP address. "
You can guarantee that it is always an IP address by changing this code to %a instead of %h.
When Apache is built with the older Windows SDKs, the log almost always shows an IP address if HostnameLookups is OFF.
With the newer Windows SDKs (which Apache Lounge and ApacheHaus use to build Apache), then Windows may take advantage of looking in %SystemRoot%\System32\drivers\etc\hosts, or checking recent local-network connections, to find the name without doing an additional name lookup on the network.
This is why %h will show the name more often with Apache Lounge or ApacheHaus builds than it does with the apache.org builds.
-tom- |
|
| Back to top |
|
DmitryV
Joined: 10 Jan 2011
Posts: 29
Location: Russian Federation, Saint-Petersburg
|
| Posted: Sun 23 Jan '11 21:39 Post subject: |
|
|
| Thank you for your detailed response. |
|
| Back to top |
|
