Can a user identify or discard cPanel subdomain log entries?
cPanel provides cpanel.<site>, webdisk.<site>, and webdisk.<site>. Access to these subdomains are not controlled by the user's .htaccess file (and shouldn't be). However, the access logs contain access entries for both the <site> and the above subdomains, and the default NCSA extended/combined log format does not indicate which (sub)domain was accessed. The result is that the logs contain entries that cannot be controlled by the user through the .htaccess file, since mod_log_config is not available by default. The logs are thus highly confusing.
Is there some way for the user to control this behavior without special intervention by the cPanel admin?
-
Hey there! Can you let me know specifically where and how you are checking the logs on the server so I can test this on my end?
0 -
Raw logs are in <home>/logs/<site>-ssl_log-<month>-<year>.gz if SSL is enabled, or <home>/logs/<site>-<month>-<year>.gz if not. There is also a raw log that accumulates over the day and gets added at some point in the evening, but I don't know where that is found.
0 -
I figured I could have .htaccess get the server port and add it to the referer in the logs, but when I tried
RequestHeader append Referer "bob"
the logs have "bob" never appended if the referer is non-empty and seem to set the empty referer only sometimes, in an utterly random cross section of log entries.
Also, the effect of logging all the subdomains together can lead to some really weird results from Awstats. For example, every time the script kiddies come by and poke for a security vulnerability in cpanel or webmail, or webdisk, I get a referer entry in Awstats, on top of a 404.
0 -
Thanks for providing those specific details. I don't have a way to exclude those domains from the logs, as we pull that information straight from the Apache logs. Would excluding the data from the logging tools (AWStats, Webalizer, etc) solve your issue?
0 -
As far as I know, the logging tools read the apache logs, so the issue is not fixable downstream. It has to be fixed in Apache, but ahead of the user's .htaccess file. The user can't fix this because the default modules don't cover mod_log_config.
Personally, I download the raw access logs and analyze them myself. That was the motivation for trying the "RequestHeader" modification above, since I would have been able to unwind that if it had worked.
0 -
I'd recommend submitting a feature request at features.cpanel.net if you'd like to see increased control over that area (I also manage that area of the product), but in general, no, there isn't going to be anything a cPanel user can do with just their account access.
0 -
Done!
0 -
I did see that one come in and I sent it over to the team. I'm not entirely sure when they'll get to it, but I respond to every feature request so you'll likely hear something from me in an email at some point.
0
Please sign in to leave a comment.
Comments
8 comments