Web server protection: web server logs and security

Introduction

This article on logs and web server security continues the Infosec Skills series on web server protection. While there are many active and passive defenses that can be used to secure a web server and mitigate the risk of an attack, one of the most powerful methods is to understand and use web server logs. Quite simply, the web server log is a guest book or sign-in sheet that records visitors when they visit your organization’s website, including some basic information about them.

In the event of a security incident, remember that all cyber attackers leave a trail of their work; the difficulty is knowing where to look and what to look for. Logs, therefore, are often the best first place to look.

What are web server logs?

Web server logs capture a range of data about requests processed by the web server on your network. By default, these logs are often saved to a text file in Common Log Format, and they can be customized to collect a variety of information that passes through your web server.

While this is covered in more detail later in this article, some of the data that can be collected, stored, and analyzed for problem resolution includes: client IP addresses, user agent strings, date, time, server name, server IP address and services running, among many others.

The log can also capture requests from other computers that request data from the web server and internal actions taken by the server itself, such as updates. With this information, you can see who is visiting your website, where on your website they are going, and what types of actions are being taken.
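As an added example (not code from the original article), the following Python sketch parses Common Log Format lines, including the optional referer and user-agent fields of the Combined extension, and reports which paths each client requested and which status codes it received. The sample lines are constructed, use documentation IP ranges, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: host ident authuser [date] "request" status bytes
# The optional tail ("referer" "user-agent") is the Combined extension.
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
192.0.2.10 - alice [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 -
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /missing HTTP/1.1" 404 153 "-" "curl/8.0"
this line is malformed and must not crash the parser
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = CLF.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # The request field is "METHOD PATH PROTOCOL"; clients may send garbage.
    parts = rec["request"].split()
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) >= 2 else (None, None)
    return rec

def summarize(text):
    """Per client: paths requested and status codes seen; also count bad lines."""
    paths, statuses, rejected = defaultdict(list), defaultdict(Counter), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejected += 1
            continue
        paths[rec["host"]].append(rec["path"])
        statuses[rec["host"]][rec["status"]] += 1
    return dict(paths), dict(statuses), rejected

if __name__ == "__main__":
    for host, seen in summarize(SAMPLE)[0].items():
        print(host, seen)
```

Lines that do not match the format are counted rather than silently dropped, since a sudden rise in unparseable entries is itself worth investigating.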

Types of logs

The access log of a web server captures information about (Read more …)
