Which IP Addresses Have Accessed Apache Web Server The Most?
Last week I was asked the following question:
“Is there any way that you can find out which hosts or IP addresses have been accessing your Apache Web Server the most?”
The answer to this question is “YES!”.
Apache maintains an access log file, its default location is in the Apache logs directory, but this can be defined in the Apache httpd.conf file. The “out of the box” location for the Apache distribution with CentOS/= and RHEL 6 and 7 is: /etc/httpd/logs/access_log. Here is an example of the the default log entries for this file:
The first column cpntains the IP address of the source of an HTTP request to Apache. Using a utility called awk in combination with a uniq and sort command we can easily extract the source IP addresses from this file, count the number of instances and sort them into order of number of requests.
Here is a command line that would do the job:
awk ‘{print $1}’ /etc/httpd/logs/access_log | uniq -c | sort -nr
The result is as follows:
If you would like to learn more about Linux tools why not take a look at our Linux Training Courses? This one covers awk: http://ptr.co.uk/unix-tools-shell-scripts.