
Archives for : nginx

A tiny HTTPD error log parser

Probably the tiniest one, yet useful, at least to me; here is a tiny Perl script used to quickly check what script kiddies are doing on my Nginx web server:


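#!/usr/bin/perl -n
# Forget the previous line's values so a line without them prints nothing stale.
($C,$R)=();
/"((GET|HEAD|POST) [^"]+)"/ and $R=$1;
/client: ([^,]+)/ and $C=$1,$cnt{$C}++;
# Print client, request line and the running count of entries for that client.
($C && $R) and print"$C\t$R ($cnt{$C})\n"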

Executed with the error log file as argument, it gives something like:


23.20.103.233 GET /clientaccesspolicy.xml HTTP/1.1 (1)
114.40.35.173 GET /phpTest/zologize/axa.php HTTP/1.1 (1)
114.40.35.173 GET /phpMyAdmin/scripts/setup.php HTTP/1.1 (2)
114.40.35.173 GET /pma/scripts/setup.php HTTP/1.1 (3)
114.40.35.173 GET /myadmin/scripts/setup.php HTTP/1.1 (4)
184.72.184.113 GET /clientaccesspolicy.xml HTTP/1.1 (1)
46.165.220.215 GET /vtigercrm/vtigerservice.php HTTP/1.1 (1)
54.80.66.122 GET /clientaccesspolicy.xml HTTP/1.1 (3)
202.53.8.82 GET /ossim/session/login.php HTTP/1.1 (1)
23.22.216.162 GET /clientaccesspolicy.xml HTTP/1.1 (1)
178.63.114.68 HEAD /.psi/profiles/default/config.xml HTTP/1.1 (1)
178.63.114.68 HEAD /.purple/accounts.xml HTTP/1.1 (2)
178.63.114.68 HEAD /dsa HTTP/1.1 (3)
178.63.114.68 HEAD /.htpasswd HTTP/1.1 (4)
178.63.114.68 HEAD /.htpasswd~ HTTP/1.1 (5)
54.204.131.75 GET /clientaccesspolicy.xml HTTP/1.1 (1)

And yes, this is a real excerpt from my current logfile.
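A per-client summary built on the same two error-log fields, as an added example that is not part of the original post: it counts logged requests and distinct requested paths per client, so addresses probing many different paths stand out. The sample lines are constructed, and the name `summarize` and the threshold of three distinct paths are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in nginx error-log format (documentation IP ranges).
my $fmt = '2014/01/10 03:12:%02d [error] 812#0: *%d open() "/var/www%s" failed '
        . '(2: No such file or directory), client: %s, server: example.org, '
        . 'request: "%s %s HTTP/1.1", host: "example.org"';
my @probes = (
    [ '192.0.2.10',   'GET',  '/phpMyAdmin/scripts/setup.php' ],
    [ '192.0.2.10',   'GET',  '/pma/scripts/setup.php' ],
    [ '192.0.2.10',   'GET',  '/myadmin/scripts/setup.php' ],
    [ '198.51.100.7', 'GET',  '/clientaccesspolicy.xml' ],
    [ '198.51.100.7', 'GET',  '/clientaccesspolicy.xml' ],
    [ '203.0.113.5',  'HEAD', '/.htpasswd' ],
);
my $n = 0;
my @sample = map { $n++; sprintf($fmt, $n, 40 + $n, $_->[2], @$_) . "\n" } @probes;
push @sample, "2014/01/10 03:13:00 [notice] 812#0: signal process started\n";

# Return [client, logged requests, distinct paths] rows, most distinct paths first.
sub summarize {
    my (%hits, %paths);
    for my $line (@_) {
        # Client and request must come from the same line; others are skipped.
        next unless $line =~ /client: ([^,]+),.*request: "(?:GET|HEAD|POST) (\S+)/;
        $hits{$1}++;
        $paths{$1}{$2}++;
    }
    my %distinct;
    $distinct{$_} = scalar keys %{ $paths{$_} } for keys %paths;
    my @order = sort { $distinct{$b} <=> $distinct{$a} or $a cmp $b } keys %hits;
    return map { [ $_, $hits{$_}, $distinct{$_} ] } @order;
}

# Read the log files named on the command line, or fall back to the sample.
my @lines = @ARGV ? <> : @sample;
for my $row (summarize(@lines)) {
    my ($client, $hits, $distinct) = @$row;
    # Assumed threshold: 3 or more distinct failing paths is flagged for review.
    printf "%-15s %4d requests, %3d distinct paths%s\n", $client, $hits, $distinct,
        $distinct >= 3 ? "  <- many distinct paths" : "";
}
```

Since the error log only records requests that failed, the distinct-path count separates a client repeatedly fetching one missing file from one walking a list of paths.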

sogo-last, a quick utility for SOGo

This small script is used to parse an nginx (or any other webserver) access log and output the list of the last connected SOGo users, sorted by date of connection.

#!/usr/bin/perl

use strict;
use warnings;

my $logfile = shift;
$logfile ||= "/var/log/nginx/access.log";

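# user => [timestamp of the last mail request, line number of that request]
my %seen = ();
open my $log, '<', $logfile or die "Can't open '$logfile': $!\n";
while (<$log>)
{
        if (m#\[([^\]]+)\].*POST /SOGo/so/([^/]+)/Mail//#)
        {
                $seen{$2} = [$1, $.];
        }
}
close $log;

# The log is written in chronological order, so the line number orders by date
# (a string comparison of the timestamps would not).
sub bydate { $seen{$a}[1] <=> $seen{$b}[1]; }

foreach (sort bydate keys %seen)
{
        printf "%-12s %s\n", $_, $seen{$_}[0];
}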

exit(0);

HTTP to HTTPS rewrite for ownCloud and nginx

Here is a way to set up, on an nginx server, HTTPS protection for ownCloud authentication; in plain terms: use the site over HTTP except for the login phase.

In the configuration of the host providing the service over HTTP, the file /etc/nginx/sites-enabled/owncloud in my case, add the following directives:

if ($request_uri ~ ^/$) {
	rewrite ^ https://$server_name/index.php permanent;
}
if ($request_uri ~ ^/index.php$) {
	rewrite ^ https://$server_name$request_uri? permanent;
}

This applies to an ownCloud installed at the root of the site; otherwise the regular expression obviously has to be adapted.
