How To Watch https Calls to Apache 2.4 using Perl and mod_status
erics, September 5th, 2017
Step 1: Enable Apache status and lock it down: Make sure mod_status is being loaded:
1 2 3 |
shell> grep -Rn mod_status /etc/httpd/* /etc/httpd/conf.modules.d/00-base.conf:58:LoadModule status_module modules/mod_status.so |
Add support for the call just under the first DocumentRoot statement:
1 2 3 4 5 6 7 8 |
shell> vim /etc/httpd/conf/httpd.conf <Location /server-status> SetHandler server-status Require ip 127.0.0.1 Require ip ::1 Require ip {Your_IP_Here} </Location> |
Step 2. Prepare your environment:
1 |
shell> cpan YAML HTML::TableExtract |
Step 3: Create and run the status script: (See the astat contents at the bottom)
1 2 3 4 5 6 7 8 9 |
shell> vim /root/astat shell> chmod 755 /root/astat shell> vi ~/.bashrc ADD: alias ipw='while true; do sleep 5; /root/astat; done' shell> ipw 1.2.3.4|yourdomain.com:443|POST /wp-cron.php?doing_wp_cron=1563901063.57946491241455078125| |
/root/astat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
#!/usr/bin/perl use strict; use HTML::TableExtract; # PATH to "curl" utility my $CURL = "/usr/bin/curl"; # URL of the server-status we want to process my $STATUS_URL = "http://localhost/server-status"; # those are the headers in the first row of the table we want to extract # Used by HTML::TableExtract to search for our table, within the whole HTML output my $headers =['Srv','PID','Acc','M','CPU','SS','Req','Conn','Child','Slot','Client','VHost','Request']; # Let's fetch the status page... my $output = `$CURL -s $STATUS_URL`; # Let's search for our table within the HTML... my $tables = HTML::TableExtract->new( headers => $headers ); # We found it (hopefully), so let's parse it... $tables->parse($output); # ...and let's stick to the first one my $status_table = $tables->first_table_found; # Now let's loop allover the rows... foreach my $row_ref ($status_table->rows) { # Let's de-reference the ARRAY reference, so to better manager # the various elements... my @row = @$row_ref; # Let's check for IP next if $row[10]=~/127.0.0.1/; next if $row[10]=~/216.66.125.161/; next if $row[10]=~/69.162.124.235/; # Let's check for an OPTIONS row... if ($row[12]=~/OPTIONS/) { # simply skip to next row in the loop next; } # Let's choose whatever columns we want (first column has index "0") # So here we have Srv, PID, Client and Request #foreach my $column (0,1,10,12) { foreach my $column (10,11,12) { print $row[$column]."|"; } print "\n"; } |