Permalink
Browse files

server-specific logger_mod and auth_mod (capflam)

Make logger_mod and auth_mod configuration variables local to each
virtual server. The logger_mod variable can be used to customize
access and auth messages. The auth_log variable previously was global,
but it now lives in the server configuration and the global variable
is deprecated.

The new behaviour yaws_logger must be used to define external modules
to log messages.
  • Loading branch information...
1 parent 4a7c1b1 commit d9342f8b920344db81eb705a5a6408140c3fa9c5 @capflam capflam committed with vinoski May 4, 2011
Showing with 559 additions and 437 deletions.
  1. +84 −57 doc/yaws.tex
  2. +28 −26 include/yaws.hrl
  3. +73 −59 man/yaws.conf.5
  4. +7 −2 scripts/yaws.conf.template
  5. +1 −0 src/Makefile
  6. +6 −3 src/yaws.erl
  7. +1 −1 src/yaws_api.erl
  8. +22 −14 src/yaws_config.erl
  9. +195 −197 src/yaws_log.erl
  10. +119 −0 src/yaws_logger.erl
  11. +6 −70 src/yaws_server.erl
  12. +4 −2 test/conf/authconf.conf
  13. +8 −2 test/conf/stdconf.conf
  14. +3 −2 www/embed.yaws
  15. +2 −2 www/soap_intro.yaws
View
@@ -1719,6 +1719,11 @@ \section{Logs}
\Yaws\ will produce a log in Common Access Log Format called
\textit{HostName:PortNumber.access}
+\item The auth log. Auth logging is turn on or off per server in the
+ \textit{yaws.conf} file. If auth\_log is turned on for a server, \Yaws\ will
+ produce a log called \textit{HostName:PortNumber.auth} which contains all http
+ auth related messages.
+
\item \textit{report.log} This file contains all error and crash
messages for all virtual servers in the same file.
@@ -2058,68 +2063,20 @@ \section{Global Part}
\item \verb+<Host>.access+ - for each virtual host served by \Yaws\ ,
a file \verb+<Host>.access+ will be written which contains
an access log in Common Log Format.
- \item \verb+auth.log+ - if configured, all HTTP
- auth-related messages go here.
+ \item \verb+<Host>.auth+ - for each virtual host served by
+ \Yaws\ , a file \verb+<Host>.auth+ will be written which
+ contains all http auth related messages.
\item \verb+trace.http+ - this file contains the HTTP trace if
that is enabled
\item \verb+trace.traffic+ - this file contains the traffic
trace if that is enabled
\end{itemize}
-\item \verb+logger_mod = Module+ -
- It is possible to set a special module that handles
- access logging. The default is to log all web server
- traffic to the \verb+<Host>.access+ file in the
- configured or default \verb+logdir+.
-
- When it needs to log an access, \Yaws\ will invoke the
- function \verb+Module:accesslog/8+. The arguments to
- this function are as follows:
-
-\begin{itemize}
-\item \verb+ServerName+ - name of the server that was accessed (as a
- string). If the server was accessed on a port other than the HTTP
- default port 80, the name also includes the port number,
- e.g. ``server:8000''. Implementations of the \verb+accesslog+
- function can use this argument to distinguish among different
- logging formats for different servers.
-
-\item \verb+IpAddress+ - IP address of the accessing client (as a
- tuple).
-
-\item \verb+User+ - the username of the authenticated user (as a
- string).
-
-\item \verb+Req+ - the HTTP method, URI path, and HTTP version of the
- request (as a list of strings and characters).
-
-\item \verb+Status+ - the HTTP status code returned to the client (as
- a string).
+ Note that \verb+<Host>.access+ and \verb+<Host>.auth+ files will
+ be used only if the directive \verb+logger_mod+ is not set or set
+ to \verb+yaws_log+.
-\item \verb+Length+ - the content-length of the response returned to
- the client (as a string).
-
-\item \verb+Referrer+ - the URL of the web resource where the request
- originated (as a string); the value of the HTTP \verb+Referer+
- header.
-
-\item \verb+UserAgent+ - the identification string of the client user
- agent issuing the request (as a string); the value of the HTTP
- \verb+User-Agent+ header.
-\end{itemize}
-
- Arguments for values not available for a particular
- request, such as \verb+User+, are provided as the string
- ``-''.
-
- Because it's important to avoid blocking the caller, the
- default logging function in \Yaws\ is a cast. You should
- strive to make your custom access logging function
- return to its caller as quickly as possible.
-
- Custom access logging functions can preprocess access
- logging data and then call \verb+yaws_log:accesslog/8+
- to send the data to the default log.
+ The default value for logdir is "."
\item \verb+ebin_dir = Directory+ -
This directive adds Directory to the \Erlang\ search
@@ -2230,7 +2187,7 @@ \section{Server Part}
the default provided by \verb+gen_tcp:listen/2+, which
is 5.
-\item \verb+rport = Port+
+\item \verb+rport = Port+ -
This forces all local redirects issued by the
server to go to Port. This is useful when \Yaws\
listens to a port which is different from the port
@@ -2242,17 +2199,87 @@ \section{Server Part}
used to redirect traffic to port 80 to port 8000
(most NAT:ing firewalls will also do this for you).
-\item \verb+rscheme = http | https+
+\item \verb+rscheme = http | https+ -
This forces all local redirects issued by the
server to use this method. This is useful when an
SSL off-loader, or stunnel, is used in front of
\Yaws\ .
+\item \verb+auth_log = true | false+ -
+ Enable or disable the auth log for this virtual server.
+ Default is true.
+
\item \verb+access_log = true | false+
Setting this directive to false turns off
traffic logging for this virtual server. The
default value is true.
+\item \verb+logger_mod = Module+ -
+ It is possible to set a special module that handles access and
+ auth logging. The default is to log all web server traffic to
+ \verb+<Host>.access+ and \verb+<Host>.auth+ files in the
+ configured or default \verb+logdir+.
+
+ This module must implement the behaviour
+ \verb+yaws_logger+. Default value is \verb+yaws_log+.
+
+ The following functions should be exported:
+
+ \begin{itemize}
+
+ \item \verb+Module:open_log(ServerName, Type, LogDir)+ - When
+ \Yaws\ is started, this function is called for this virtual
+ server. If the initialization is successful, the function must
+ return \verb+{true, State}+ and if an error occurred, it must
+ return \verb+false+.
+
+ \item \verb+Module:close_log(ServerName, Type)+ - This function is
+ called for this virtual server when \Yaws\ is stopped.
+
+ \item \verb+Module:wrap_log(ServerName, Type, State, LogWrapSize)+
+ - This function is used to rotate log files. It is regularly
+ called by \Yaws\ and must return the possibly updated internal
+ \verb+NewState+.
+
+ \item \verb+Module:write_log(ServerName, Type, State, Infos)+ -
+ When it needs to log a message, \Yaws\ will call this
+ function. The parameter \verb+Infos+ is
+ \verb+{Ip, Req, InHdrs, OutHdrs, Time}+ for an access log and
+ \verb+{Ip, Path, Item}+ for an auth log, where:
+
+ \begin{itemize}
+
+ \item \verb+Ip+ - IP address of the accessing client (as
+ a tuple).
+
+ \item \verb+Req+ - the HTTP method, URI path, and HTTP
+ version of the request (as a \#http\_request{}
+ record).
+
+ \item \verb+InHdrs+ - the HTTP headers which were sent
+ from the WWW client (as a \#headers{} record).
+
+ \item \verb+OutHdrs+ - the HTTP headers sent to the WWW
+ client (as a \#outh{} record).
+
+ \item \verb+Path+ - the URI path of the request (as a
+ string).
+
+ \item \verb+Item+ - the result of an authentication
+ request. May be \verb+{ok, User}+, \verb+403+ or
+ \verb+{401, Realm}+.
+
+ \item \verb+Time+ - The time taken to serve the request,
+ in microseconds.
+
+ \end{itemize}
+
+ For all of these callbacks, \verb+ServerName+ is the virtual
+ server's name, \verb+Type+ is the atom \verb+access+ or
+ \verb+auth+ and \verb+State+ is the internal state of the logger.
+
+ \end{itemize}
+
\item \verb+docroot = Directory+ -
This makes the server serve all its content from
Directory.
View
@@ -12,24 +12,22 @@
%% flags for gconfs
-define(GC_TTY_TRACE, 1).
-define(GC_DEBUG, 2).
--define(GC_AUTH_LOG, 4).
--define(GC_COPY_ERRLOG, 8).
--define(GC_BACKWARDS_COMPAT_PARSE, 16).
--define(GC_LOG_RESOLVE_HOSTNAME, 32).
--define(GC_FAIL_ON_BIND_ERR, 64).
--define(GC_PICK_FIRST_VIRTHOST_ON_NOMATCH, 128).
--define(GC_USE_FDSRV, 256).
--define(GC_USE_OLD_SSL, 512).
+-define(GC_COPY_ERRLOG, 4).
+-define(GC_BACKWARDS_COMPAT_PARSE, 8).
+-define(GC_LOG_RESOLVE_HOSTNAME, 16).
+-define(GC_FAIL_ON_BIND_ERR, 32).
+-define(GC_PICK_FIRST_VIRTHOST_ON_NOMATCH, 64).
+-define(GC_USE_FDSRV, 128).
+-define(GC_USE_OLD_SSL, 256).
--define(GC_DEF, (?GC_AUTH_LOG bor ?GC_FAIL_ON_BIND_ERR)).
+
+-define(GC_DEF, ?GC_FAIL_ON_BIND_ERR).
-define(gc_has_tty_trace(GC),
((GC#gconf.flags band ?GC_TTY_TRACE) /= 0)).
-define(gc_has_debug(GC),
((GC#gconf.flags band ?GC_DEBUG) /= 0)).
--define(gc_has_auth_log(GC),
- ((GC#gconf.flags band ?GC_AUTH_LOG) /= 0)).
-define(gc_has_copy_errlog(GC),
((GC#gconf.flags band ?GC_COPY_ERRLOG) /= 0)).
-define(gc_log_has_resolve_hostname(GC),
@@ -45,8 +43,6 @@
GC#gconf{flags = yaws:flag(GC#gconf.flags,?GC_TTY_TRACE, Bool)}).
-define(gc_set_debug(GC, Bool),
GC#gconf{flags = yaws:flag(GC#gconf.flags, ?GC_DEBUG, Bool)}).
--define(gc_set_auth_log(GC, Bool),
- GC#gconf{flags = yaws:flag(GC#gconf.flags, ?GC_AUTH_LOG, Bool)}).
-define(gc_set_copy_errlog(GC, Bool),
GC#gconf{flags = yaws:flag(GC#gconf.flags, ?GC_COPY_ERRLOG, Bool)}).
-define(gc_log_set_resolve_hostname(GC, Bool),
@@ -67,7 +63,6 @@
trace, %% false | {true,http}|{true,traffic}
flags = ?GC_DEF, %% boolean flags
logdir,
- logger_mod = yaws_log, % access logging module
ebin_dir = [],
runmods = [], %% runmods for entire server
keepalive_timeout = 30000,
@@ -119,23 +114,27 @@
%% flags for sconfs
-define(SC_ACCESS_LOG, 1).
--define(SC_ADD_PORT, 2).
--define(SC_STATISTICS, 4).
--define(SC_TILDE_EXPAND, 8).
--define(SC_DIR_LISTINGS, 16).
--define(SC_DEFLATE, 32).
--define(SC_DIR_ALL_ZIP, 64).
--define(SC_DAV, 128).
--define(SC_FCGI_TRACE_PROTOCOL, 512).
--define(SC_FCGI_LOG_APP_ERROR, 1024).
--define(SC_FORWARD_PROXY, 2048).
--define(SC_AUTH_SKIP_DOCROOT, 4096).
+-define(SC_AUTH_LOG, 2).
+-define(SC_ADD_PORT, 4).
+-define(SC_STATISTICS, 8).
+-define(SC_TILDE_EXPAND, 16).
+-define(SC_DIR_LISTINGS, 32).
+-define(SC_DEFLATE, 64).
+-define(SC_DIR_ALL_ZIP, 128).
+-define(SC_DAV, 512).
+-define(SC_FCGI_TRACE_PROTOCOL, 1024).
+-define(SC_FCGI_LOG_APP_ERROR, 2048).
+-define(SC_FORWARD_PROXY, 4096).
+-define(SC_AUTH_SKIP_DOCROOT, 8192).
+
--define(SC_DEF, ?SC_ACCESS_LOG bor ?SC_ADD_PORT).
+-define(SC_DEF, ?SC_ACCESS_LOG bor ?SC_ADD_PORT bor ?SC_AUTH_LOG).
-define(sc_has_access_log(SC),
(((SC)#sconf.flags band ?SC_ACCESS_LOG) /= 0)).
+-define(sc_has_auth_log(SC),
+ (((SC)#sconf.flags band ?SC_AUTH_LOG) /= 0)).
-define(sc_has_add_port(SC),
(((SC)#sconf.flags band ?SC_ADD_PORT) /= 0)).
-define(sc_has_statistics(SC),
@@ -162,6 +161,8 @@
-define(sc_set_access_log(SC, Bool),
SC#sconf{flags = yaws:flag(SC#sconf.flags, ?SC_ACCESS_LOG, Bool)}).
+-define(sc_set_auth_log(SC, Bool),
+ SC#sconf{flags = yaws:flag(SC#sconf.flags, ?SC_AUTH_LOG, Bool)}).
-define(sc_set_add_port(SC, Bool),
SC#sconf{flags = yaws:flag(SC#sconf.flags, ?SC_ADD_PORT, Bool)}).
-define(sc_set_statistics(SC, Bool),
@@ -221,6 +222,7 @@
errormod_404 = yaws_outmod, %% the default 404 error module
errormod_crash = yaws_outmod, %% use the same module for crashes
arg_rewrite_mod = yaws,
+ logger_mod = yaws_log, %% access/auth logging module
opaque = [], %% useful in embedded mode
start_mod, %% user provided module to be started
allowed_scripts = [yaws,php,cgi,fcgi],
Oops, something went wrong.

0 comments on commit d9342f8

Please sign in to comment.