You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Buddy wu <ej...@gmail.com> on 2009/04/30 10:09:38 UTC

[users@httpd] can it log who login the site with certificate in apache?

when setup apache using ssl, and require a client certificate to login,
then in apache's logfile. can log the user who access the website with
certificate? and which certificate he use, like name, email etc.thanks alog

-- 
blog <http://eye4china.buddub.com>

Re: [users@httpd] can it log who login the site with certificate in apache?

Posted by Buddy wu <ej...@gmail.com>.

yes, thank you very much!

2009/4/30 Sean Conner <sp...@conman.org>

> It was thus said that the Great Buddy wu once stated:
> > when setup apache using ssl, and require a client certificate to login,
> > then in apache's logfile. can log the user who access the website with
> > certificate? and which certificate he use, like name, email etc.thanks
> alog
>
>   In my Apache config file, I defined the following:
>
> LogFormat "%h %l \"%{SSL_CLIENT_S_DN}x\" %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" sslcombined
>
> And in the configuration for the secure site:
>
> <VirtualHost 66.252.224.242:443>
>  ServerName            secure.conman.org
>  CustomLog             /home/spc/web/logs/s-secure.conman.org sslcombined
>
>  ...
>
> </VirtualHost>
>
>  You may want to play around with what you log.  Some examples:
>
>        SSL_CLIENT_S_DN
>        SSL_CLIENT_S_DN_C
>        SSL_CLIENT_S_DN_ST
>        SSL_CLIENT_S_DN_L
>        SSL_CLIENT_S_DN_O
>        SSL_CLIENT_S_DN_OU
>        SSL_CLIENT_S_DN_CN
>
>  But it really depends upon the fields defined for the certificate.
>
>  -spc
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
<a href="http://eye4china.buddub.com">blog</a>

Re: [users@httpd] can it log who login the site with certificate in apache?

Posted by Sean Conner <sp...@conman.org>.

It was thus said that the Great Buddy wu once stated:
> when setup apache using ssl, and require a client certificate to login,
> then in apache's logfile. can log the user who access the website with
> certificate? and which certificate he use, like name, email etc.thanks alog

  In my Apache config file, I defined the following:

LogFormat "%h %l \"%{SSL_CLIENT_S_DN}x\" %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" sslcombined

And in the configuration for the secure site:

<VirtualHost 66.252.224.242:443>
  ServerName            secure.conman.org
  CustomLog             /home/spc/web/logs/s-secure.conman.org sslcombined

  ...

</VirtualHost>

  You may want to play around with what you log.  Some examples:
	
	SSL_CLIENT_S_DN
	SSL_CLIENT_S_DN_C
	SSL_CLIENT_S_DN_ST
	SSL_CLIENT_S_DN_L
	SSL_CLIENT_S_DN_O
	SSL_CLIENT_S_DN_OU
	SSL_CLIENT_S_DN_CN

  But it really depends upon the fields defined for the certificate.

  -spc


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org