Sunday, February 24, 2008

Creating Your Own Secret Webserver Log With CGI


This is a little trick I like to use every once in a while, if I need to debug visits and don't want to mess with the "official" log files that everyone else looks at and/or may depend upon to do their jobs correctly. The last thing I want to do is cause problems for other people. ...Well, it's pretty close to the end of my list ;) This script (Both the HTML and CGI) should run on any Linux or Unix system. The HTML portion should also run on pretty much any webserver.

The Perl CGI script is very simple, so I've included both the HTML (which you should nest or include in the page you want to track) and the backend CGI script that will record the information for you. The only important things to note are that, in your HTML, you want to set the form variable type to "hidden" (You'll only be passing one variable, which will be bogus, since, in this case, you're just interested in getting environment variables that are normally passed by the POST method). Your CGI output should also be somewhere secure enough that not just anyone can get to it, but unsecure enough so that the user your webserver runs as can actually write to it.

In a worst case scenario here, a malicious user can write bogus data to your file. Putting the file in a separate location is my way of hedging my bets in case there's something else a malicious user can do that I haven't thought of. If they destroy my personal file, I won't have to hear about it from anyone else :)

Without further ado, the HTML and the CGI march on!


Creative Commons License

This work is licensed under a
Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License


<form name="form" method="post" action="">
<input type="hidden" name="bogus" value="0">



# generate your own secret log file
# 2008 - Mike Golvach -
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

print "Content-type: text/plain\n\n";
$logfile = "/wherever/you/want/to/put/your/log_file";
chomp($date = `date +%m%d%y`);
open (LOG, ">>$logfile");
print LOG "$date|";
print LOG "$ENV{'REMOTE_HOST'}|";
print LOG "$ENV{'DOCUMENT_URI'}|";
print LOG "$ENV{'HTTP_REFERER'}\n";
close (LOG);

, Mike