Apache RewriteRule Mitigation for log4shell

Yes, you should update to a patched version of Log4j ASAP. You should also consider other ways you can be exploited: do you have Java processing emails? But extra layers of security never hurt, so you can also try this:

    RewriteCond %{THE_REQUEST} \${ [OR]
    RewriteCond %{REQUEST_URI} \${ [OR]
    RewriteCond %{QUERY_STRING} \${ [OR]
    RewriteCond %{HTTP_USER_AGENT} \${
    …

Add tracking IDs to your web application

In a complex multi-tier stack where HTTP requests are proxied, it can be difficult to track a request as it moves through the system. One thing you can do is enable mod_unique_id in Apache, which creates a distinct environment variable, UNIQUE_ID, in the web server context for each incoming request. Simply loading the module …
