You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Buddy wu <ej...@gmail.com> on 2009/04/30 10:09:38 UTC
[users@httpd] can it log who login the site with certificate in apache?
when setup apache using ssl, and require a client certificate to login,
then in apache's logfile. can log the user who access the website with
certificate? and which certificate he use, like name, email etc.thanks alog
--
blog <http://eye4china.buddub.com>
Re: [users@httpd] can it log who login the site with certificate in
apache?
Posted by Buddy wu <ej...@gmail.com>.
yes, thank you very much!
2009/4/30 Sean Conner <sp...@conman.org>
> It was thus said that the Great Buddy wu once stated:
> > when setup apache using ssl, and require a client certificate to login,
> > then in apache's logfile. can log the user who access the website with
> > certificate? and which certificate he use, like name, email etc.thanks
> alog
>
> In my Apache config file, I defined the following:
>
> LogFormat "%h %l \"%{SSL_CLIENT_S_DN}x\" %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" sslcombined
>
> And in the configuration for the secure site:
>
> <VirtualHost 66.252.224.242:443>
> ServerName secure.conman.org
> CustomLog /home/spc/web/logs/s-secure.conman.org sslcombined
>
> ...
>
> </VirtualHost>
>
> You may want to play around with what you log. Some examples:
>
> SSL_CLIENT_S_DN
> SSL_CLIENT_S_DN_C
> SSL_CLIENT_S_DN_ST
> SSL_CLIENT_S_DN_L
> SSL_CLIENT_S_DN_O
> SSL_CLIENT_S_DN_OU
> SSL_CLIENT_S_DN_CN
>
> But it really depends upon the fields defined for the certificate.
>
> -spc
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
<a href="http://eye4china.buddub.com">blog</a>
Re: [users@httpd] can it log who login the site with certificate in apache?
Posted by Sean Conner <sp...@conman.org>.
It was thus said that the Great Buddy wu once stated:
> when setup apache using ssl, and require a client certificate to login,
> then in apache's logfile. can log the user who access the website with
> certificate? and which certificate he use, like name, email etc.thanks alog
In my Apache config file, I defined the following:
LogFormat "%h %l \"%{SSL_CLIENT_S_DN}x\" %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" sslcombined
And in the configuration for the secure site:
<VirtualHost 66.252.224.242:443>
ServerName secure.conman.org
CustomLog /home/spc/web/logs/s-secure.conman.org sslcombined
...
</VirtualHost>
You may want to play around with what you log. Some examples:
SSL_CLIENT_S_DN
SSL_CLIENT_S_DN_C
SSL_CLIENT_S_DN_ST
SSL_CLIENT_S_DN_L
SSL_CLIENT_S_DN_O
SSL_CLIENT_S_DN_OU
SSL_CLIENT_S_DN_CN
But it really depends upon the fields defined for the certificate.
-spc
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org