How to install APF (Advanced Policy Firewall) Published: Jan 20, 2004
Apache log file analysis, configuration and examples in this excellent guide.

Configure Web Logs in Apache

Author's Note: While most of this piece discusses configuration options for any operating system Apache supports, some of the content will be Unix/Linux (*nix) specific, which now includes Macintosh OS X and its underlying Unix kernel.

One of the many pieces of the Website puzzle is Web logs. Traffic analysis is central to most Websites, and the key to getting the most out of your traffic analysis revolves around how you configure your Web logs. Apache is one of the most -- if not the most -- powerful open source solutions for Website operations. You will find that Apache's Web logging features are flexible for the single Website or for managing numerous domains requiring Web log analysis.

For the single site, Apache is pretty much configured for logging in the default install. The initial httpd.conf file (found in /etc/httpd/conf/httpd.conf in most cases) should have a section on logs that looks similar to this (Apache 2.0.x), with descriptive comments for each item. Your default logs folder will be found in /etc/httpd/logs. This location can be changed when dealing with multiple Websites, as we'll see later. For now, let's review this section of log configuration.

ErrorLog logs/error_log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


CustomLog logs/access_log combined

Error Logs

The error log contains messages sent from Apache for errors encountered during the course of operation. This log is very useful for troubleshooting Apache issues on the server side.

Apache Log Tip: If you are monitoring errors or testing your server, you can use the command line to interactively watch log entries. Open a shell session and type "tail -f /path/to/error_log". This will show you the last few entries in the file and also continue to show new entries as they occur.

There are no real customization options available, other than telling Apache where to establish the file, and what level of error logging you seek to capture. First, let's look at the error log configuration code from httpd.conf.

ErrorLog logs/error_log

You may wish to store all error-related information in one error log. If so, the above is fine, even for multiple domains. However, you can specify an error log file for each individual domain you have. This is done in the <VirtualHost> container with an entry like this:

<VirtualHost 10.0.0.2>
DocumentRoot "/home/sites/domain1/html/"
ServerName domain1.com
ErrorLog /home/sites/domain1/logs/error.log
</VirtualHost>

If you are responsible for reviewing error log files as a server administrator, it is recommended that you maintain a single error log. If you're hosting for clients, and they are responsible for monitoring the error logs, it's more convenient to specify individual error logs they can access at their own convenience.

The setting that controls the level of error logging to capture follows below.

LogLevel warn

Apache's definitions for their error log levels are as follows:

[Image: Apache Web Log]

Tracking Website Activity

Often by default, Apache will generate three activity logs: access, agent and referrer. These track the accesses to your Website, the browsers being used to access the site and the referring URLs that your site visitors have arrived from.

It is commonplace now to utilize Apache's "combined" log format, which compiles all three of these logs into one logfile. This is very convenient when using traffic analysis software as a majority of these third-party programs are easiest to configure and schedule when only dealing with one log file per domain.

Let's break down the code in the combined log format and see what it all means.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat starts the line and simply tells Apache you are defining a log file type (or nickname), in this case, combined. Now let's look at the cryptic symbols that make up this log file definition.

[Image: Apache Logs 2]

To review all of the available configuration codes for generating a custom log, see Apache's docs [1] on mod_log_config, which powers log files in Apache.

Apache Log Tip: You could capture more from the HTTP header if you so desired. A full listing and definition of data in the header is found at the World Wide Web Consortium [2].

For a single Website, the default entry would suffice:

CustomLog logs/access_log combined

However, for logging multiple sites, you have a few options. The most common is to identify individual log files for each domain. This is seen in the example below, again using the log directive within the <VirtualHost> container for each domain.

<VirtualHost 10.0.0.2>
DocumentRoot "/home/sites/domain1/html/"
ServerName domain1.com
ErrorLog /home/sites/domain1/logs/error.log
CustomLog /home/sites/domain1/logs/web.log combined
</VirtualHost>

<VirtualHost 10.0.0.3>
DocumentRoot "/home/sites/domain2/html/"
ServerName domain2.com
ErrorLog /home/sites/domain2/logs/error.log
CustomLog /home/sites/domain2/logs/web.log combined
</VirtualHost>

<VirtualHost 10.0.0.4>
DocumentRoot "/home/sites/domain3/html/"
ServerName domain3.com
ErrorLog /home/sites/domain3/logs/error.log
CustomLog /home/sites/domain3/logs/web.log combined
</VirtualHost>

In the above example, we have three domains with three unique Web logs (using the combined format we defined earlier). A traffic analysis package could then be scheduled to process these logs and generate reports for each domain independently.

This method works well for most hosts. However, there may be situations where this could become unmanageable. Apache recommends a special single log file for large virtual host environments and provides a tool for generating individual logs per individual domain.

We will call this log type the cvh format, standing for "common virtual host." Simply by adding a %v (which stands for virtual host) to the beginning of the combined log format defined earlier and giving it a new nickname of cvh, we can compile all domains into one log file, then automatically split them into individual log files for processing by a traffic analysis package.

LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" cvh

In this case, we do not make any CustomLog entries in the <VirtualHost> containers and simply have one log file generated by Apache. A program created by Apache called split-logfile is included in the src/support directory of your Apache sources. If you did not compile from source or do not have the sources, you can get the Perl script [3].

The individual log files created from your master log file will be named for each domain (virtual host) and look like: virtualhost.log.
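The field breakdown of the combined format and the per-domain split of a cvh master log, as an added example (this is not the Apache split-logfile script and not code from the original article). The function names, the unknown.log fallback and the sample lines are assumptions constructed for illustration; the first field is validated before it is used as a file name, and the split is kept in memory rather than written to disk.

```python
import re
from collections import defaultdict

# cvh = "%v " followed by the combined format. Apache backslash-escapes
# double quotes and backslashes inside %r and %{...}i values, so a quoted
# field ends at the first quote that is not preceded by a backslash.
_QUOTED = r'"(?P<{0}>(?:[^"\\]|\\.)*)"'
CVH_RE = re.compile(
    r'(?P<vhost>\S+) (?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] ' + _QUOTED.format('request') +
    r' (?P<status>\d{3}) (?P<bytes>\d+|-) ' +
    _QUOTED.format('referer') + ' ' + _QUOTED.format('agent')
)

# Assumed policy for this example: only plain host names become file names.
_SAFE_VHOST = re.compile(r'[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?')
FALLBACK_LOG = 'unknown.log'  # hypothetical name for records with a bad %v


def parse_cvh(line):
    """Return the fields of one cvh line as a dict, or None if malformed."""
    m = CVH_RE.fullmatch(line.rstrip('\r\n'))
    if m is None:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    # %b logs "-" when no body bytes were sent
    rec['bytes'] = 0 if rec['bytes'] == '-' else int(rec['bytes'])
    return rec


def log_name(vhost):
    """Map a %v value to '<vhost>.log', refusing anything path-like."""
    name = vhost.lower()
    if '..' in name or not _SAFE_VHOST.fullmatch(name):
        return FALLBACK_LOG
    return name + '.log'


def split_by_vhost(lines):
    """Group cvh lines per log file name; return (groups, rejected lines)."""
    per_file = defaultdict(list)
    rejected = []
    for line in lines:
        text = line.rstrip('\r\n')
        rec = parse_cvh(text)
        if rec is None:
            rejected.append(text)
            continue
        # Drop the leading "%v " so each output line is plain combined format
        combined = text[len(rec['vhost']) + 1:]
        per_file[log_name(rec['vhost'])].append(combined)
    return dict(per_file), rejected


# Constructed sample input: hosts, addresses and paths are made up.
SAMPLE_LOG = [
    'domain1.com 192.0.2.10 - - [20/Jan/2004:10:15:32 -0500] '
    '"GET /index.html HTTP/1.1" 200 5120 "http://www.example.org/" '
    '"Mozilla/4.0 (compatible; MSIE 6.0)"',
    'domain2.com 192.0.2.11 - alice [20/Jan/2004:10:15:40 -0500] '
    '"POST /login HTTP/1.1" 302 - "-" "Mozilla/5.0 \\"beta\\" build"',
    'Domain1.COM 192.0.2.10 - - [20/Jan/2004:10:15:44 -0500] '
    '"GET /logo.gif HTTP/1.1" 304 - "http://domain1.com/index.html" '
    '"Mozilla/4.0 (compatible; MSIE 6.0)"',
    '../../tmp/x 192.0.2.12 - - [20/Jan/2004:10:16:05 -0500] '
    '"GET / HTTP/1.0" 404 209 "-" "-"',
    'not a log line',
]

if __name__ == '__main__':
    groups, bad = split_by_vhost(SAMPLE_LOG)
    for name in sorted(groups):
        print(name, len(groups[name]), 'line(s)')
    print('rejected:', len(bad))
```
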

Log Rotation

Finally, we want to address log rotation. High traffic sites will generate very large log files, which will quickly swallow up valuable disk space on your server. You can use log rotation to manage this process.

There are many ways to handle log rotation, and various third-party tools are available as well. However, we're focusing on configurations native to Apache, so we will look at a simple log rotation scheme here. I'll include links to more flexible and sophisticated log rotation options in a moment.

This example uses a rudimentary shell script that moves the current Web log to an archive log, compresses the old file and keeps an archive for as long as 12 months, then restarts Apache with a pause to allow the log files to be switched out.

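#!/bin/sh
# Shift each archive up by one slot; the oldest (web12.tgz) is overwritten.
mv web11.tgz web12.tgz
mv web10.tgz web11.tgz
mv web9.tgz  web10.tgz
mv web8.tgz  web9.tgz
mv web7.tgz  web8.tgz
mv web6.tgz  web7.tgz
mv web5.tgz  web6.tgz
mv web4.tgz  web5.tgz
mv web3.tgz  web4.tgz
mv web2.tgz  web3.tgz
mv web1.tgz  web2.tgz
mv web.tgz   web1.tgz
# Move the live log aside; Apache keeps writing to it until it restarts.
mv web.log   web.old
/usr/sbin/apachectl graceful
# Give children that are finishing old requests time to release web.old.
sleep 300
tar cvfz web.tgz web.old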

This code can be copied into a file called logrotate.sh, and placed inside the folder where your web.log file is stored (or whatever you name your log file, e.g. access_log, etc.). Just be sure to modify for your log file names and also chmod (change permissions on the file) to 755 so it becomes an executable.

This works fine for a single busy site. If you have more complex requirements for log rotation, be sure to see some of the following sites. In addition, many Linux distributions now come with log rotation included. For example, Red Hat 9 comes with logrotate.d, a log rotation daemon which is highly configurable. To find out more, on your Linux system with logrotate.d installed, type man logrotate.

Log Rotation Sites

For more information on log rotation, see:

Comments (83)

  • Edward 22:57, January 25, 2004
    This worked great, but if your kernel is compiled with iptables statically instead of as a module you need to do this in the conf.apf
    MONOKERN="0"
    Set it to "1" and then try to start APF again.
  • chris 21:08, February 3, 2004
    the firewall should be set to 0 not 1 to be running all the time; setting to 1 = turns off after 5 minutes. I would fix it or you will have newbies with firewalls off everywhere
  • jdwh 17:12, February 11, 2004
    Does this work for Burst.net servers? In the past there was a thread in their forums saying it was incompatible. Maybe this was fixed?
  • ryan 19:40, February 11, 2004
    great howto document and covers the current release whereas most people cover the RPM release; great job.
  • Steve 04:54, February 12, 2004
    jdwh - yes it works with any Linux servers, if you have any questions about firewall ports on the network then contact your provider.
  • Tom 13:26, March 22, 2004
    Don't you need to type the following so APF starts after a reboot?

    chkconfig --level 2345 apf on
  • ryan 12:02, April 9, 2004
    No; chkconfig is run during installation by APF's install.sh script.
  • greg 23:07, April 22, 2004
    anyone know how to stop it from logging to the terminal (tty1?)
  • autoquartz 08:17, April 24, 2004
    How about Plesk 7 Server?
  • BAMF 22:26, April 26, 2004
    Make sure to add port #3306 to IG_TCP_CPORTS if you want to remotely administer your database.
  • Scott 00:17, May 11, 2004
    I'm kinda a newbie at this. I use 4 diff IP addresses on my machine; could someone tell me how to add them in so all the IPs use the same rights? Last firewall I tried blocked all my other IPs on all ports. Thanx
  • chris 03:52, May 14, 2004
    How do you block an IP in APF?
  • Steve 17:03, May 27, 2004
    To block an IP in APF go to /etc/apf and pico deny_hosts.conf. Scroll down and add the IP addresses you need to block, each on a separate line. Comments with more details are in the file.
  • Anton 10:48, June 1, 2004
    Guys, what about ports for passive ftp?
  • Colin Myerscough 16:13, June 2, 2004
    I can not use this firewall because feeds.dshield.org does not exist and I can not get the block.txt from there. Who can help me?
  • Tim Rice 19:55, June 7, 2004
    APF is great, except I sometimes have a hard time taking out a chain. For an example, I have the following loaded in the chain:
    32 DROP all -- 83.0.0.0/8 anywhere

    I have tried to remove this, but can't for some strange reason. Is there a file that I can edit?
  • Khurrum Maqbool 03:04, June 10, 2004
    I had to open port 2089 because it was having problems with the license. Apparently cpanel needs the license sync port 2089 open not only for incoming but also for outgoing traffic.
  • Janos 21:15, June 17, 2004
    I get an error message when I want to start APF: /usr/local/sbin/apf: line 1: ifconfig: command not found . What's wrong here?
  • For Janos from WHG 20:05, June 18, 2004
    Run: cat /etc/apf/VERSION
    You should see version: 0.9.3-rev3

    Then before you run any APF commands make sure you're logged in as the root environment: su -

    Make sure you use the "-" otherwise you won't be in the environment, this is why you're getting the error message I'm fairly sure.
  • DJALPHA 20:01, June 20, 2004
    Which is correct? 3000_3500 or 30000_35000 ?
    Please check how to thx.
  • reanncw 17:39, June 21, 2004
    i get this,

    /etc/apf/vnet/vnetgen: ip: command not found
    lsmod: QM_MODULES: Function not implemented

    iptables v1.2.6a: unknown protocol `ipv6-crypt' specified
    Try `iptables -h' or 'iptables --help' for more information.
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
  • Khurrum Maqbool 03:13, July 16, 2004
    Also port 873 ingress is needed for Rsync... this is needed for /scripts/easyapache
  • Gareth 13:17, August 2, 2004
    Is APF compatible with FreeBSD?
  • Andy 15:57, August 11, 2004
    error as follows

    iptables v1.2.9 invalild TCP / Port Service '=21' specified

    Try `iptables -h' or 'iptables --help' for more information
  • Bob 16:56, August 30, 2004
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?
  • Sun Joo 13:46, October 20, 2004
    After APF started, the sites are not accessed from the browser. The moment I stop APF, then sites are loaded. What am I missing ? Any clue ? Thanks.
  • JLchafardet 18:51, November 2, 2004
    has this tutorial ever been tested on RHEL ES3 Plesk Reloaded based servers?
  • Caz 03:41, December 18, 2004
    I get "unknown host" when doing apf -r. Anyone know why?
  • Mtrafox 19:28, January 21, 2005
    Hi.
    After I installed APF, I have some problems.
    When I get the mail from BDF that someone attacked one of my virtual IPs, and I check with ifconfig, my virtual interface is down. Sometimes all of my virtual interfaces are down. Anyone know how to fix this ?
  • Randall_James 13:05, January 29, 2005
    chris
    How do you block an Ip in APF?

    apf -d 12.345.67.89
    ----------------------
    Bob and Caz
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?

    Check the deny_host.rules, there is probably a bad entry in the bottom half of file
    ________________________
    INSTALL NOTE:
    During the final phase of install you will receive some output to screen; this will list the current listening ports! Generally these are going to need to be added to the allowed ports in the conf.apf file. Also monitored services need open ports (eg, ThePlanet); check with your datacenter for a list of these ports.
  • Jafar 08:13, February 8, 2005
    hello ,,
    I have got a question ..I want your help for me please in this problem ..

    Sometime : Network error(tcp_error) A communication error occurred: "Operation timed out"
    Sometime : operatio timed out
    Sometime : The page cannot be displayed
    Sometime : Problem Report

    Some of the tracts is not able to the entry this talk is visible to them by higher
    An example ( UAE emirates . Syria . Egypt ..

    this problem From , "Firewall APF"

    Stop the program of the protection "APF" they are able to the entry (/usr/local/sbin/apf -f)
    Start,run the program of the protection "APF" They are not able to the entry (/usr/local/sbin/apf -s)


    what's I want do on a this
    By start this the problems From about 25 days .

    thanks . I hope your help
  • apfwannabe 01:38, April 22, 2005
    how much memory and cpu usage does APF consume?

    i have a vps with 199mb running whm/cpanel and has average load of 75% mem and 1 cpu load.

    will apf make the server unstable considering my current vps resources
    above?
  • Henry 03:59, April 23, 2005
    Hello,

    I got this error during installation, please help,

    Other Details:
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory
    Imported options from 0.9.4-6 to 0.9.5-1.
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig
    root@host [~/downloads/apf-0.9.5-1]# ./install.sh
    Installing APF 0.9.5-1: Completed.
  • need-help 12:01, May 2, 2005
    unknown host
  • Matt 19:35, June 10, 2005
    I installed this successfully but then it locked me out! It blocked all IP's and I wasn't even able to get in via SSH - what do I have to mod for this to work? I had to have my datacenter disable firewall so I could have remote access again...
  • Tedd 11:44, July 25, 2005
    I can't seem to configure this properly so that I can take it out of test mode. When running I cannot access my website.

    I'm using WHM with cPanel. I got it installed okay. But no matter how I configure the options, I'm denied from the website.

    Any ideas?
  • Tapan 20:02, July 25, 2005
    Hi,

    When I did all I got this and it's not working:

    /usr/local/sbin/apf -s
    eth0: error fetching interface information: Device not found
    eth0: error fetching interface information: Device not found
    eth0: error fetching interface information: Device not found
    Development mode enabled!; firewall will flush every 5 minutes.
    /etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory
    Unable to load iptables module (ip_tables), aborting.

    Thanks.
  • Ankush 20:35, August 16, 2005
    Please update the article to match the latest version settings of apf. The new apf has a lot of new features.
  • Liam Glanfield 20:21, August 17, 2005
    This was very detailed and spot on but I think I may have done something wrong. I have cpanel so used their port numbers given above. When I get to the part apf -s it works ok but I get "wget comand not found, try usinf wget --help for more info..." yet if I do apf -st it says it is working?! Is this normal ??
  • Starfinder 13:01, September 6, 2005
    Matt, Are you running SSH on a port other than 22? If so, you must also allow connections to this port.
  • nowayout 11:11, December 3, 2005
    root@server1 [~/downloads]# /usr/local/sbin/apf -s
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found
    Try `iptables -h' or 'iptables --help' for more information

    How could I fix that ?
  • Buddah 07:14, December 11, 2005
    Hmm, now my webpages won't load, ftp/plesk/ssh all work fine but websites won't load :-?
  • Fernando 06:43, January 24, 2006
    APF is dying right after I call it. I don't know why. In logs I can only see:
    Jan 24 00:42:13 nocserver apf(28525): {glob} loading postroute.rules
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (egress) output accept
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (ingress) input drop
    Jan 24 00:42:13 nocserver apf(28488): firewall initalized

    Do you know why?
  • NOTSUPPORT 23:23, January 30, 2006
    THIS IS NOT TECHNICAL SUPPORT. GO SEEK SUPPORT ELSEWHERE.
  • Cleber 06:53, February 12, 2006
    How to install APF in 2 or more interfaces?

    ex: eth0, eth0.1 and others
  • Rainer 22:50, February 14, 2006
    Howto config NAT (iptable) with APF?
  • Morons 23:23, March 6, 2006
    this isn't a support page, go elsewhere! This is just about one of the easiest monitoring software out there.
  • Luis 03:12, March 15, 2006
    If you have Cpanel be sure to also open port 26 if you have a copy of exim on that port for the clients that have ISPs that block 25
  • enes 23:06, April 4, 2006
    when using smbmount command with APF, smbmount does not work and gives "/bin/ls: .: Stale NFS file handle" error.

    to solve this problem, use this;

    ./apf -a OTHER_SERVER_IP
    ./apf -r
  • Fred 07:22, May 3, 2006
    I see cpanel is spoken about as it relates to this error but I am using monsterconls; would it make a difference?

    lsmod: QM_MODULES: Function not implemented Unable to load iptables module (ip_tables), aborting.

    I am having DDOS and installed apf but can't get it to load.

    Any help would be welcomed -THANKS
  • Steve 16:51, June 5, 2006
    I got the apf installed on the server but cannot control the DDOS attack.
    Please let us know what to do.
    I have configured everything.
    The attack is now going on.
  • Calvin 18:41, June 14, 2006
    How to remove this firewall after installation ?

    Regards,
    Calvin
  • Calvin Phan 19:11, June 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Steve 23:37, June 19, 2006
    rm -fv /etc/cron.daily/fw
    chkconfig --del apf
    rm -frv /etc/apf
  • Muhammad Sajjad 15:28, June 23, 2006
    I need your help about configuring firewall on routers. Please provide me some notes or tutorials.
  • FD 19:56, July 8, 2006
    APF simply does not work correctly with 2.6 kernels due to module name changes and incompatibilities. You get the "Unable to load iptables module (ipt_state), aborting" message

    Setting "MONOKERN" to 1 is not a solution as it causes problems with passive FTP (amongst others) and (as mentioned in the script) is NOT supported.

    I have searched everywhere for a fix, but nothing is suitable. I have uninstalled APF and will wait for a release that addresses this issue.
  • M0Dy 19:38, July 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Nemesiz 22:31, July 16, 2006
    remove /etc/apf dir. APF - it's only a script to make firewall rules, not firewall.
  • Fidoxd 12:12, August 5, 2006
    Is this log normal?

    ago 05 11:55:01 server2 apf(31989): flushing & zeroing chain policies
    ago 05 11:55:01 server2 apf(31989): firewall offline
    ago 05 12:00:03 server2 apf(32043): flushing & zeroing chain policies
    ago 05 12:00:03 server2 apf(32043): firewall offline
  • David Yasmineh 18:53, August 10, 2006
    here's the issue....APF / BFD are really nice if you have a fixed IP that you use to access your server from.

    The thing is I get a million unauthorized login attempts a month. I read about this script called PYTHON SCRIPT which would automatically block the attacking ip address for a period of time if it failed to authorize more than 3 times for example.

    Now APF / BFD do the same?????

    Please let me know, email me

    david_yasmineh@yahoo.com

    kind of urgent for me pls.

    thnks
  • Daniel 15:33, September 2, 2006
    Hi,

    I can't start my firewall..

    Development mode enabled!; firewall will flush every 5 minutes.
    Unable to load iptables module (ipt_state), aborting.

    Please help..
  • el 14:55, September 19, 2006
    i tried to install on debian ...
    cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory

    debian doesn't have an /etc/rc.d/init.d directory. I assume that I should just edit the install script to point to /etc/init.d ?
  • Joe 13:52, November 19, 2006
    APF & BFD both installed successfully and apparently working correctly except for two issues.

    1/ No email alerts are being received (I have configured as per instructions)

    2/ For AntiDOS for APF the file /var/log/apfados_log is missing.

    Finally, how do I set the time during which a brute attack is allowed before being stopped? For instance, my server was under attack for 10 minutes during which time a huge number of attempts were made before being stopped. How do I reduce this time or preferably set a number of instances (5 perhaps) before an attack is stopped?

    Thanks

    Joe
  • Alan 00:31, November 23, 2006
    Antidos is intended to operate via cron. This is a critical setup point as if
    not done, antidos will simply not operate.

    The following string can be placed into /etc/crontab or similar file:
    */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1

    This will run antidos every two minutes. I don't recommend running it once a
    minute as it may cause a bottleneck for itself and the CPU. Likewise running it
    beyond a period of once every 5 minutes is not recommended either, for obvious
    reasons.
  • Jeff 18:26, December 12, 2006
    Port 37 also needs to be open on Cpanel servers. The rdate function uses 37 to connect to the time servers
  • Steve 00:31, February 12, 2007
    APF Plesk Ports

    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
    IG_UDP_CPORTS="37,53,873"

    EGF="1"
    EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
    EG_UDP_CPORTS="53,873"
  • Raptor 03:22, February 16, 2007
    Great How to! Worked 1st time.
  • Steve 23:23, April 28, 2007
    I can't start my firewall..

    Development mode enabled!; firewall will flush every 5 minutes.
    Unable to load iptables module (ipt_state), aborting.

    any ideas ?
  • Beth 13:31, May 1, 2007
    Has anyone gotten this to work to deny traffic from hosts that are perpetrating dictionary attacks against an FTP server? For example, several times a week, we have people running a database of usernames against our ftp servers. Sometimes, so much that my logs are 15-50 MB larger from logging the attempts. It would be great if we could stop a user at 5 attempts or so. The FTP server itself stops the user after 3 failed logins, but they go on with more from the list, so it could end up being thousands of names.

    Thanks!
    Beth
  • binoy 03:16, June 11, 2007
    How can I unblock an ip through apf?

    email me at binoy1983@yahoo.com
  • Senthil 04:43, July 18, 2007
    Are there any ways of adding apf to the whm panel (doing all the operations in the whm panel)?
  • Rich 02:16, November 16, 2007
    Is this guide still current? I only ask because it was 3 years ago that this article was originally published. Have any instructions changed?
  • Shaun 10:52, December 12, 2007
    Works fine as of December 2007
  • vinyas 16:18, January 19, 2008
    Works super as of January 2008
  • Valeriu Palos 13:34, February 12, 2008
    This tool also runs beautifully on Ubuntu based machines (maybe even Debian) using this patch:

    http://codeblog.palos.ro/2007/09/08/apf-firewall-on-ubuntu-704/
  • pankaj dhingra 06:53, March 7, 2008
    cannot stat `/etc/apf.bk.last/vnet/*.rules':

    facing this problem while installing apf
  • devil2005 13:28, April 13, 2008
    I issue the command apf -d 192.168.1.64, and also another IP address for a webproxy to see if apf blocks it, but it doesn't. I have done apf -r, and the webpage is still displayed to the blocked hosts. What's wrong?
  • Milos 23:20, June 8, 2008
    Starting with version 0.9.6-3 APF completely replaced Antidos with RAB (Reactive Address Blocking). So there is no more additional AntiDos cron job, everything is managed by APF and the RAB options are in conf.apf as expected.

    It would be nice if you updated this tutorial. :)
  • Albert 15:28, January 5, 2009
    i have some probs.. :

    root@viper [/apf-9.6-5]# ./install.sh
    Installing APF 9.6-5: eth0: error fetching interface information: Device not found
    Completed.

    Installation Details:
    Install path: /etc/apf/
    Config path: /etc/apf/conf.apf
    Executable path: /usr/local/sbin/apf

    Other Details:
    eth0: error fetching interface information: Device not found
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory
    Imported options from 9.6-5 to 9.6-5.
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig

    i'm using :

    cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9
    CENTOS 5.2 i686 on virtuozzo
    Ethernet Device : venet0:0
  • petrepaul 17:39, May 7, 2009
    when i do nano /etc/apf/ad/conf.antidos

    or pico /etc/apf/ad/conf.antidos

    creates a new file? everything else installed and works fine, any suggestions?

    really need to update this information with current version apf-9.7-1
  • bazzii 16:00, June 22, 2009
    I had a problem..

    In my site RSS feeds are there.. When I stop APF it works just fine.. But when I start it, the RSS feed doesn't work. I had tried to flush it,

    # service iptables stop
    # iptables -F
    # service iptables save
    # service iptables start

    But the rules are still coming in ?... How do I flush these rules ?

    Any help appreciated !!
  • David Yasmineh 05:57, June 8, 2010
    waw...2006...almost 5 years later..lol and I come across this site again...

Copyright © 1998-2014 WebHostGear.com