
142
|
Chapter 6: Administering Apache
Let’s try it:
# apt-get install webalizer
...
Which directory should webalizer put the output in?
/var/www/webalizer
Enter the title of the reports webalizer will generate.
Usage Statistics for server1.centralsoft.org
What is the filename of the rotated webserver log?
/var/log/apache2/access.log.1
Access it with the URL http://server1.centralsoft.org/webalizer.
The next day (after the Webalizer daily cron job /etc/cron.daily/webalizer first runs),
you should see pages of tables describing accesses to your web server. You don’t
need to edit the configuration file (/etc/webalizer.conf) unless you want to change the
settings you gave during the installation.
Spammers have ways of manipulating web logs such as Webalizer’s, so
it’s good practice to restrict access to the Webalizer output pages.
SSL/TLS Encryption
Willie Sutton once said that he robbed banks because “that’s where the money is.”
Internet attacks are increasingly being aimed at the application level for the same rea-
son. It’s become essential to encrypt sensitive data such as credit card numbers and
passwords.
When you request a page from a web server with the http:// prefix, all data passing
between the server and your web browser is unencrypted. Anyone with access to the
intervening networks can snoop the contents. Think of plain web access (like stan-
dard email) as a postcard rather than a letter.
The