Apache httpd Tools

I wrote a number of tools for the book, and some I am still writing. The working versions are given below in the hope that they may be of use to others. Please submit your comments back so the tools can be improved further.

• Access the CVS directly

The following tools are available in the distribution:

• apache-monitor - monitors mod_status output and stores web server activity in a RRD file
• apache-monitor-graph - creates pretty graphs from a RRD file populated by the previous script (you can find an example here)
• apache-protect - monitors mod_status output to detect a DoS attack, then uses the blacklist tool to cut the offending IP address at the firewall
• blacklist - uses iptables to create a temporarily blacklist
• blacklist-webclient.c - a C program that can be marked suid root, and called from a non-root script to blacklist IP addresses
• error_log_ai - implementation of the Artificial Ignorance concept (devised by Marcus J. Ranum) for the Apache error log
• httpd-guardian - stateful Denial of Service defence together with ModSecurity (1.9.x or better). Uses blacklist to cut of the offending IP addresses dynamically.
• mod_globalerror.c - Apache 2 module that allows the server to have per-virtual host error logs and have one file where all errors are duplicated (useful for server monitoring)
• logscan - easy-to-use log analysis script, supports field names and regular expressions (will support anti-evasion techniques in the future)
• suexec.patch - after applying this patch suexec will chroot binaries to the home directory of the user.