How do I find out what file Apache is serving when a port is hit?
You can see where httpd
is configured to look for it's configuration files using the -V
switch:
$ httpd -V
Server version: Apache/2.2.15 (Unix)
Server built: Feb 13 2012 22:31:42
Server's Module Magic Number: 20051115:24
Server loaded: APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
You can also use the command lsof
to see what files a Unix process is accessing. My version of httpd
is using the stock port 80 so change the 80 to 8443 in your case!
$ netstat -tapn|grep ::80
tcp 0 0 :::80 :::* LISTEN 5338/httpd
You can now run lsof
to find out where the log files are getting written to:
$ lsof -p 5338|grep log
httpd 5338 root mem REG 253,0 10440 3141 /usr/lib64/httpd/modules/mod_logio.so
httpd 5338 root mem REG 253,0 27200 3139 /usr/lib64/httpd/modules/mod_log_config.so
httpd 5338 root 2w REG 253,0 2014 395029 /var/log/httpd/error_log
httpd 5338 root 7w REG 253,0 4140 394789 /var/log/httpd/access_log
You should be able to determine the location of the access_log
as well as the configuration files and look through them to determine the "Directory" and "Location" directives. These specify what local directories to use when telling Apache what files to serve.
Now what?
I would then look through the access_log
to make sure that there are entries in there that correspond to accesses against the server. What I mean by this is if I browse the server at http://www.somedom.com/somefile
I should see this access recorded in the access_log
file like this:
192.168.1.110 - - [17/Jul/2013:14:39:50 -0400] "GET /somefile HTTP/1.1" 200 4303 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/5
37.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"
Where are the files?
You can take the above knowledge that we've acquired and start to apply it like so:
These bits from httpd -V
tells us Apache's root:
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
So we know the main config file is here: /etc/httpd/conf/httpd.conf
. So look through that file for these lines:
$ grep -E "DocumentRoot|Directory \"|^Include" /etc/httpd/conf/httpd.conf |grep -v "^#"
Include conf.d/*.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
<Directory "/var/www/icons">
<Directory "/var/www/cgi-bin">
<Directory "/var/www/error">
So I now know that these directories are potential sources for the file we saw in the access_log
. The DocumentRoot
and Directories
I'd look through for the file, somefile
. If it isn't in any of these locations then I'd next focus on the Include
directory mentioned above in the grep
output, /etc/httpd/conf.d/*.conf
.
These files are additional configurations that Apache uses so you'd need to repeat the steps using the grep
to look through these files as well.
Related videos on Youtube
Aust
<3 JavaScript is my favorite language. 2 millennia ago, Jesus Christ founded His church - but with the persecution of the apostles and the saints, that church (and the pure doctrine of Christ) crumbled. Around 200 years ago, Jesus Christ restored His church (along with His pure doctrine) through the Prophet Joseph Smith, and He wants you to come and participate in the blessings. Learn more at comeuntochrist.org. Why am I here? | Where do I go when I die?
Updated on September 18, 2022Comments
-
Aust over 1 year
I'm working on a server someone else set up. The server is CentOS 4.6 running Apache/2.0.59 (httpd). They have an update service setup on port 8443. I know it is working but I need to find out what files Apache is serving when someone hits that port.
I looked in the httpd.conf file to see if there was anything in there but there was nothing there. I tried using
nmap
too but that only showed me which ports are currently open. The output ofnmap
was:8443/tcp open https-alt
So how can I find out what files are served when someone connects to that port?
-
Admin almost 11 yearsCan you find it in the log file?
-
-
Aust almost 11 yearsYeah this is way close! This log shows me what users are requesting from the URL but I want to find which file that corresponds to on the server. How can I do that?
-
slm almost 11 years@Aust - See updates.
-
Aust almost 11 yearsYou make me so happy! Thanks! The files were not in those original directories so I ran
grep -E "DocumentRoot|Directory \"|^Include" /etc/httpd/conf.d/*.conf |grep -v "^#"
and started searching through those directories and found it. =D -
slm almost 11 years@Aust - glad it worked out for you!