web/mod-qos
1
0
Fork 0
Code Issues Activity

Adding upstream version 11.76.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-03-24 13:01:55 +01:00
parent 24ecce9d56
commit 1a9d02dfcf
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
65 changed files with 413 additions and 7681 deletions
Download patch file Download diff file Expand all files Collapse all files

23
doc/CHANGES.txt
View file

@ -1,12 +1,27 @@
Version 11.76
- Setting connection note short-lingering-close when aborting connection (to
improve connection close behavior when using MPM event).
- Removes outdated utilities from the distribution package: qsfilter2,
qspng, qsrotate, qssign, qstail, qshead, qsgrep, qsexec, qscheck, qslogger,
and qsdt.
Version 11.75
- QS_ClientIpFromHeader supports other modules (e.g. mod_remoteip) setting
a client address to the request record when using the special header
name #USERAGENT_IP.
Version 11.74
- Fixed: Potential counter overflow for early event detection
(increment before block) or log only mode.
- Fixed: Potential counter overflow for early event detection
(increment before block) or log only mode.
Version 11.73
This release introduces support of the PCRE2 (10.x) library in place of
the now end-of-life PCRE version 1 (8.x) API.
This release introduces support of the PCRE2 (10.x) library in place of
the now end-of-life PCRE version 1 (8.x) API.
- Removes PCRE API dependency from mod_qos.c. The module no longer has an
explicit dependency to the PCRE library but uses ap_pregcomp(),

2
doc/MESSAGES.txt
View file

@ -1,4 +1,4 @@
mod_qos version 11.74
mod_qos version 11.76
mod_qos(001): QS_ClientEventLimitCount directives can't be added/removed by graceful restart. A server restart is required to apply the new configuration!
mod_qos(002): failed to create shared memory (ACT)(%s): %s (%lu bytes)
mod_qos(002): failed to create shared memory (client control)(%s): %s (%d bytes)

4
doc/glossary.html
View file

@ -32,7 +32,7 @@
See http://mod-qos.sourceforge.net/ for further details.
Copyright (C) 2023 Pascal Buchbinder
Copyright (C) 2025 Pascal Buchbinder
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@ -598,6 +598,6 @@ You can use the spreadsheet program of your choice to process the output:<br><br
</table>
<br>
<hr>
<SMALL><SMALL>&copy; 2023, Pascal Buchbinder</SMALL></SMALL>
<SMALL><SMALL>&copy; 2024, Pascal Buchbinder</SMALL></SMALL>
</body>
</html>

2
doc/headerfilterrules.txt
View file

@ -94,4 +94,4 @@ QS_ResponseHeaderFilter rules:
name=X-Frame-Options, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=X-XSS-Protection, action=drop, size=4000, pattern=^[\x20-\xFF]*$
mod_qos 11.74
mod_qos 11.76

95
doc/index.html
View file

@ -34,7 +34,7 @@
See http://mod-qos.sourceforge.net/ for further details.
Copyright (C) 2023 Pascal Buchbinder
Copyright (C) 2025 Pascal Buchbinder
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@ -248,7 +248,7 @@ server's modules directory.
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
<pre>
cd mod_qos-11.74/apache2
cd mod_qos-11.76/apache2
apxs -i -c mod_qos.c -lcrypto -lpcre2-8
cd ../..
</pre>
@ -320,11 +320,11 @@ within the format string used by the <a href="#QSLog"><code>QSLog</code></a> dir
The <a href="#utilities">support tools</a> may be built (at least on some
Linux platforms) using the GNU autotools. Some of these
utilities require third-party libraries such as apr, apr-util, PCRE2,
libpng, and OpenSSL.
and OpenSSL.
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
<pre>
cd mod_qos-11.74/tools
cd mod_qos-11.76/tools
./configure
make
</pre>
@ -946,10 +946,6 @@ that has occurred during a request.
<syntax>QS_Country</syntax><br>
ISO 3166 country code of client IPv4 address. Only available if the
<a href="#QS_ClientGeoCountryDB">geographical database</a> file has been loaded.<br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
directive to override the client's IP address based on the value within the defined
HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of
the client which has opened the TCP connection.</i></small>
</li>
<!--<li>
<syntax>QS_RuleId</syntax><br>
@ -1431,8 +1427,6 @@ pattern are allowed. If a <code>QS_PermitUri</code> pattern has
been defined and the request does not match any rule, the request
is denied.
All rules must define the same action. pcre is case sensitive.
You may use the <code><a href="qsfilter2.1.html">qsfilter2</a></code>
utility to generate rules based on access log files.
</li>
<li>
<a name="QS_DenyInheritanceOff"></a>
@ -1567,10 +1561,7 @@ be deflated (compressed data) using
<tr><td bgcolor="#E2EDE2">
Sample configuration:<br><a name="qsfiltersample"></a>
<pre>
# configure the audit log writing the request body data to a file
# (use this log to generate allow list rules using <a href="qsfilter2.1.html">qsfilter2</a>
# when <a href="#QS_PermitUriBody">QS_PermitUriBody</a> has been enabled)
# format:
# optional audit log writing the request body data to a file, format:
# %h:
# The remote host (used to filter by IP address).
# %>s:
@ -1578,7 +1569,7 @@ Sample configuration:<br><a name="qsfiltersample"></a>
# %{qos-loc}n
# The matching Location to generate the rules for.
# %{qos-path}n%{qos-query}n
# The request data required by qsfilter2 to generate rules.
# The request data to define rules.
CustomLog logs/qsaudit_log "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n"
# enable json parser
@ -1862,7 +1853,7 @@ survives graceful server restart. The maximum value is 10'000'000.
Defines the allowed number of <a href="glossary.html#concurrency">concurrent</a>
requests coming from the same client source IP address having the
<code><a href="#QS_EventRequest">QS_EventRequest</a></code> variable set.<br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
<small><i>Note: You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a>
directive to override the client's IP address based on the value within the defined
HTTP request header (e.g., X-Forwarded-For) instead of taking the IP address of
the client which has opened the TCP connection.</i></small>
@ -1913,17 +1904,10 @@ this limitation are denied for the specified time (blocked at request level). <b
<ul>
<li>The value of the variable defines the penalty points by which the counters
are increased. Default (empty or non-numeric value) is 1 (increment per request).</li>
<li><a name="QS_ClientIpFromHeader"></a>
You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code>
<li>You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a>
directive to determine the client's IP address based on the defined HTTP
request header (e.g., X-Forwarded-For) instead of taking the IP address
of the client which has opened the TCP connection. The header must only
contain a single IP address.<br>
You might also use a pseudo IP address by creating a hash from the
header's value if you prefix the header name by a '#',
e.g. <code>#Authorization</code> to use the HTTP basic auth header.
as the pseudo IP address. The special name <code>#SSL_CLIENT_S_DN</code>
creates a pseudo IP from the SSL client certificate's subject and issuer DN.
of the client which has opened the TCP connection.
</li>
<li>The current value of this counter is stored within the variable suffixed
by <code><a href="#_Counter">_Counter</a></code>, e.g. <code>QS_Limit_Counter</code> for further
@ -1953,7 +1937,7 @@ if you want to enforce a rule under certain conditions only.</li>
variable set if they are coming from the same IP address.<br>
<small><i>Notes:
<ul>
<li>You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive to
<li>You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a> directive to
override the client's IP address based on the value within the defined HTTP request
header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened
the TCP connection.
@ -2037,7 +2021,7 @@ Double quoted ISO 3166 country code, e.g. "FR" for France.
</ul>
The <a href="#QS_Country"><code>QS_Country</code></a> variable contains
the country code for the client's IP address. <br>
<small><i>Note: You may use the <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive to
<small><i>Note: You may use the <a href="#QS_ClientIpFromHeader"><code>QS_ClientIpFromHeader</code></a> directive to
override the client's IP address based on the value within the defined HTTP request
header (e.g., X-Forwarded-For) instead of taking the IP address of the client which has opened
the TCP connection to evaluate this variable.</i></small>
@ -2053,6 +2037,30 @@ Uses the geographical database loaded by
<br>Clients whose IP can't be mapped to a country code can be excluded
from the limitation by configuring the 'excludeUnknown' argument.
</li>
<li>
<a name="QS_ClientIpFromHeader"></a>
<syntax>QS_ClientIpFromHeader &lt;header&gt;</syntax><br>
The <code>QS_ClientIpFromHeader &lt;header&gt;</code> directive can be used
to determine the client's IP address based on the defined HTTP
request header (e.g., X-Forwarded-For) instead of taking the IP address
of the client which has opened the TCP connection. The header must only
contain a single IP address.<br>
It can used for the following directives:
<a href="#QS_ClientEventRequestLimit"><code>QS_ClientEventRequestLimit</code></a>,
<a href="#QS_ClientEventLimitCount"><code>QS_ClientEventLimitCount</code></a>,
<a href="#QS_ClientSerialize"><code>QS_ClientSerialize</code></a>, and
<a href="#QS_ClientGeoCountryDB"><code>QS_ClientGeoCountryDB</code></a>.<br>
Notes:<ul>
<li>You might also use a pseudo IP address by creating a hash from the
header's value if you prefix the header name by a '#',
e.g. <code>#Authorization</code> to use the HTTP basic auth header.</li>
<li>The special name <code>#SSL_CLIENT_S_DN</code> creates a pseudo
IP from the SSL client certificate's subject and issuer DN.</li>
<li>If the remote address information has been overridden by another module such as
<a href="https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteipheader">mod_remoteip <img src="images/link.png"/></a>,
and you want to use this, use the special name <code>#USERAGENT_IP</code> (available with Apache 2.4.19 and newer).</li>
</ul>
</li>
</ul>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
@ -2408,51 +2416,20 @@ verify the status of the client. Example: <br/>
<p>
mod_qos provides optional tools for log data processing and analysis:
<ul>
<a name="qsdt"></a>
<li><syntax><a href="qsdt.1.html">qsdt</a></syntax><br>Simple tool
to measure the elapse time between related log messages.</li>
<a name="qsexec"></a>
<li><syntax><a href="qsexec.1.html">qsexec</a></syntax><br>Command execution
triggered by patterns within log files.</li>
<a name="qsfilter2"></a>
<li><syntax><a href="qsfilter2.1.html">qsfilter2</a></syntax><br>
Rule generator. Creates <code><a href="#filter">QS_Permit*</a></code> directives and rule patterns
from audit log files.</li>
<a name="qsgeo"></a>
<li><syntax><a href="qsgeo.1.html">qsgeo</a></syntax><br>Adds the country code
for the client IP address within a log file.</li>
<a name="qsgrep"></a>
<li><syntax><a href="qsgrep.1.html">qsgrep</a></syntax><br>Searches a file for a
pattern and prints the data in a new format.</li>
<a name="qslog"></a>
<li><syntax><a href="qslog.1.html">qslog</a></syntax><br>A real time
<code><a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">TransferLog/CustomLog <img src="images/link.png"/></a></code>
data analyzer. It reads the per request log data from stdin and generates
statistic records every minute.</li>
<a name="qslogger"></a>
<li><syntax><a href="qslogger.1.html">qslogger</a></syntax><br>Shell command
interface to the syslog(3) system log module.</li>
<a name="qspng"></a>
<li><syntax><a href="qspng.1.html">qspng</a></syntax><br>Creates graphics (png
images) from the output of <code>qslog</code>.</li>
<a name="qsre"></a>
<li><syntax><a href="qsre.1.html">qsre</a></syntax><br>Regular expression (pcre)
pattern match test tool.</li>
<a name="qsrespeed"></a>
<li><syntax><a href="qsrespeed.1.html">qsrespeed</a></syntax><br>Compares the
expected processing time per regular expression.</li>
<a name="qsrotate"></a>
<li><syntax><a href="qsrotate.1.html">qsrotate</a></syntax><br>Log rotation tool
similar to Apache's <code>rotatelogs</code>.</li>
<a name="qssign"></a>
<li><syntax><a href="qssign.1.html">qssign</a></syntax><br>A log data integrity
check tool. It reads log data from stdin (pipe) and writes the signed data
to stdout adding a sequence number and signature to ever log line.<br>
<a href="https://sourceforge.net/p/mod-qos/source/HEAD/tree/trunk/tools/logstash-filter-qssign/lib/logstash/filters/qssign.rb?format=raw"><code>qssign.rb</code></a> is a <a href="http://www.logstash.net/">Logstash <img src="images/link.png"/></a> filter
plugin which may be used to verify the signatures of log messages in real time.</li>
<a name="qstail"></a>
<li><syntax><a href="qstail.1.html">qstail</a></syntax><br>Shows the end of a log
file beginning at a defined pattern.</li>
</ul>
</p>
@ -2746,6 +2723,6 @@ KeepAliveTimeout 2
</table>
<br>
<hr>
<small><small>&copy; 2007-2023, Pascal Buchbinder - mod_qos version 11.74</small></small>
<small><small>&copy; 2007-2025, Pascal Buchbinder - mod_qos version 11.76</small></small>
</body>
</html>

85
doc/qsdt.1.html
View file

@ -1,85 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSDT</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSDT</H1>
Section: qsdt man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsdt calculates the elapsed time between two related log messages.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsdt [-t &lt;regex&gt;] -i &lt;regex&gt; -s &lt;regex&gt; -e &lt;regex&gt; [-v] [&lt;path&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsdt is a simple tool to search two different messages in a log file and calculates the elapsed time between these lines. The two log messages need a common identifier such an unique request id (UNIQUE_ID), a thread id, or a transaction code.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-t &lt;regex&gt; <DD>
Defines a pattern (regular expression) matching the log line's timestamp. The pattern must include two sub-expressions, one matching hours, minutes and seconds the other matching the milliseconds. Default pattern is ([0-9]{2}:[0-9]{2}:[0-9]{2})[.,]([0-9]{3})
<DT>-i &lt;regex&gt; <DD>
Pattern (regular expression) matching the identifier which the two messages have in common. The sub-expression defines the part which needs to be extracted from the matching string. Note: You can also use the start (-s) and end (-e) pattern to define the sub-expression matching this identifier.
<DT>-s &lt;regex&gt; <DD>
Defines the pattern (regular expression or literal string) identifying the first (start) of the two messages.
<DT>-e &lt;regex&gt; <DD>
Defines the pattern (regular expression or literal string) identifying the second (end) of the two messages.
<DT>-v <DD>
Verbose mode.
<DT>&lt;path&gt; <DD>
Defines the input file to process. qsdt reads from from standard input if this parameter is omitted.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Sample command line arguments:
<P>
<BR>&nbsp;&nbsp;-i&nbsp;'&nbsp;([a-z0-9]+)&nbsp;[A-Z]+&nbsp;'&nbsp;-s&nbsp;'Received&nbsp;Request'&nbsp;-e&nbsp;'Received&nbsp;Response'
<P>
<BR>&nbsp;matching&nbsp;those&nbsp;sample&nbsp;log&nbsp;messages:
<BR>&nbsp;&nbsp;2018-03-12&nbsp;16:34:08.653&nbsp;threadid23&nbsp;INFO&nbsp;Received&nbsp;Request
<BR>&nbsp;&nbsp;2018-03-13&nbsp;16:35:09.891&nbsp;threadid23&nbsp;DEBUG&nbsp;MessageHandler&nbsp;Received&nbsp;Response
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>NOTE</H2>
The four patterns (t,i,s,e) are concatenated into two search patterns:
<BR>&nbsp;first&nbsp;(start):&nbsp;[t&nbsp;(HH:MM:SS)(SSS)&nbsp;].*[i&nbsp;(id)&nbsp;].*[s&nbsp;]
<BR>&nbsp;second&nbsp;(end):&nbsp;&nbsp;[t&nbsp;(HH:MM:SS)(SSS)&nbsp;].*[i&nbsp;(id)&nbsp;].*[e&nbsp;]
<P>
And the three sub-expression are used to extract the timestamp and the unique identifier that the start and end message have in common. This means that you could specify the sub-expression for the unique identifier in the start (-s) or end (-e) pattern alternatively, e.g. in case the identifier is at the end of the log line.
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">NOTE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

72
doc/qsexec.1.html
View file

@ -1,72 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSEXEC</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSEXEC</H1>
Section: qsexec man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsexec - parses the data received via stdin and executes the defined command on a pattern match.
<P>
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsexec -e &lt;pattern&gt; [-t &lt;number&gt;:&lt;sec&gt;] [-c &lt;pattern&gt; [&lt;command string&gt;]] [-p] [-u &lt;user&gt;] &lt;command string&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsexec reads log lines from stdin and searches for the defined pattern. It executes the defined command string on pattern match.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-e &lt;pattern&gt; <DD>
Specifies the search pattern causing an event which shall trigger the command.
<DT>-t &lt;number&gt;:&lt;sec&gt; <DD>
Defines the number of pattern match within the the defined number of seconds in order to trigger the command execution. By default, every pattern match causes a command execution.
<DT>-c &lt;pattern&gt; [&lt;command string&gt;] <DD>
Pattern which clears the event counter. Executes optionally a command if an event command has been executed before.
<DT>-p <DD>
Writes data also to stdout (for piped logging).
<DT>-u &lt;name&gt; <DD>
Become another user, e.g. www-data.
<DT>&lt;command string&gt; <DD>
Defines the event command string where $0-$9 are substituted by the submatches of the regular expression.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Executes the deny.sh script providing the IP address of the client causing a mod_qos(031) messages whenever the log message appears 10 times within at most one minute:
<BR>&nbsp;&nbsp;ErrorLog&nbsp;&quot;|/usr/bin/qsexec&nbsp;-e&nbsp;\'mod_qos\(031\).*,&nbsp;c=([0-9a-zA-Z:.]*)\'&nbsp;-t&nbsp;10:60&nbsp;\'/usr/local/bin/deny.sh&nbsp;$1\'&quot;
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

127
doc/qsfilter2.1.html
View file

@ -1,127 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSFILTER2</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSFILTER2</H1>
Section: qsfilter2 man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsfilter2 - an utility to generate mod_qos request line rules out from existing access/audit log data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsfilter2 -i &lt;path&gt; [-c &lt;path&gt;] [-d &lt;num&gt;] [-h] [-b &lt;num&gt;] [-p|-s|-m|-o] [-l &lt;len&gt;] [-n] [-e] [-u 'uni'] [-k &lt;prefix&gt;] [-t] [-f &lt;path&gt;] [-v 0|1|2]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2><p><img src="qsfilter2_process.gif" alt="overview"></p>
mod_qos implements a request filter which validates each request line. The module supports both, negative and positive security model. The QS_Deny* directives are used to specify request line patterns which are not allowed to access the server (negative security model / deny list). These rules are used to restrict access to certain resources which should not be available to users or to protect the server from malicious patterns. The QS_Permit* rules implement a positive security model (allow list). These directives are used to define allowed request line patterns. Request which do not match any of these patterns are not allowed to access the server.
<P>
qsfilter2 is an audit log analyzer used to generate filter rules (perl compatible regular expressions) which may be used by mod_qos to deny access for suspect requests (QS_PermitUri rules). It parses existing audit log files in order to generate request patterns covering all allowed requests.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;path&gt; <DD>
Input file containing request URIs. The URIs for this file have to be extracted from the servers access logs. Each line of the input file contains a request URI consisting of a path and and query.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Example:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/index.do
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/edit?image=1.jpg
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/image/1.jpg
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/view?page=1
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/edit?document=1
<P>
These access log data must include current request URIs but also request lines from previous rule generation steps. It must also include request lines which cover manually generated rules. You may use the 'qos-path' and 'qos-query' variables to create an audit log containing all request data (path and query/body data). Example: 'CustomLog audit_log %{qos-path}n%{qos-query}n'. See also <A HREF="http://mod-qos.sourceforge.net#qsfiltersample">http://mod-qos.sourceforge.net#qsfiltersample</A> about the module settings.
<DT>-c &lt;path&gt; <DD>
mod_qos configuration file defining QS_DenyRequestLine and QS_PermitUri directives. qsfilter2 generates rules from access log data automatically. Manually generated rules (QS_PermitUri) may be provided from this file. Note: each manual rule must be represented by a request URI in the input data (-i) in order to make sure not to be deleted by the rule optimisation algorithm. QS_Deny* rules from this file are used to filter request lines which should not be used for allow list rule generation.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Example:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;manually&nbsp;defined&nbsp;allow&nbsp;list&nbsp;rule:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;QS_PermitUri&nbsp;+view&nbsp;deny&nbsp;&quot;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$&quot;
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;filter&nbsp;unwanted&nbsp;request&nbsp;line&nbsp;patterns:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;QS_DenyRequestLine&nbsp;+printable&nbsp;deny&nbsp;&quot;.*[\x00-\x19].*&quot;
<P>
<P>
<DT>-d &lt;num&gt; <DD>
Depth (sub locations) of the path string which is defined as a literal string. Default is 1.
<DT>-h <DD>
Always use a string representing the handler name in the path even the url does not have a query. See also -d option.
<DT>-b &lt;num&gt; <DD>
Replaces url pattern by the regular expression when detecting a base64/hex encoded string. Detecting sensibility is defined by a numeric value. You should use values higher than 5 (default) or 0 to disable this function.
<DT>-p <DD>
Represents query by pcre only (no literal strings).
<DT>-s <DD>
Uses one single pcre for the whole query string.
<DT>-m <DD>
Uses one pcre for multiple query values (recommended mode).
<DT>-o <DD>
Does not care the order of query parameters.
<DT>-l &lt;len&gt; <DD>
Outsizes the query length by the defined length ({0,size+len}), default is 10.
<DT>-n <DD>
Disables redundant rules elimination.
<DT>-e <DD>
Exit on error.
<DT>-u 'uni' <DD>
Enables additional decoding methods. Use the same settings as you have used for the QS_Decoding directive.
<DT>-k &lt;prefix&gt; <DD>
Prefix used to generate rule identifiers (QSF by default).
<DT>-t <DD>
Calculates the maximal latency per request (worst case) using the generated rules.
<DT>-f &lt;path&gt; <DD>
Filters the input by the provided path (prefix) only processing matching lines.
<DT>-v &lt;level&gt; <DD>
Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1. Don't use rules you haven't checked the request data used to generate it! Level 1 is highly recommended (as long as you don't have created the log data using your own web crawler).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>OUTPUT</H2>
The output of qsfilter2 is written to stdout. The output contains the generated QS_PermitUri directives but also information about the source which has been used to generate these rules. It is very important to check the validity of each request line which has been used to calculate the QS_PermitUri rules. Each request line which has been used to generate a new rule is shown in the output prefixed by &quot;ADD line &lt;line number&gt;:&quot;. These request lines should be stored and reused at any later rule generation (add them to the URI input file). The subsequent line shows the generated rule. At the end of data processing a list of all generated QS_PermitUri rules is shown. These directives may be used withn the configuration file used by mod_qos.
<A NAME="lbAG">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;qsfilter2&nbsp;-i&nbsp;loc.txt&nbsp;-c&nbsp;httpd.conf&nbsp;-m&nbsp;-e
<BR>&nbsp;&nbsp;...
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;1:&nbsp;/aaa/index.do
<BR>&nbsp;&nbsp;#&nbsp;003&nbsp;^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;3:&nbsp;/aaa/view?page=1
<BR>&nbsp;&nbsp;#&nbsp;---&nbsp;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;4:&nbsp;/aaa/edit?document=1
<BR>&nbsp;&nbsp;#&nbsp;004&nbsp;^[/a-zA-Z]+/edit\?((document)(=[0-9]*)*[&amp;]?)*$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;5:&nbsp;/aaa/edit?image=1.jpg
<BR>&nbsp;&nbsp;#&nbsp;005&nbsp;^[/a-zA-Z]+/edit\?((image)(=[0-9\.a-zA-Z]*)*[&amp;]?)*$
<BR>&nbsp;&nbsp;...
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF001&nbsp;deny&nbsp;&quot;^[/a-zA-Z]+/edit\?((document|image)(=[0-9\.a-zA-Z]*)*[&amp;]?)*$&quot;
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF002&nbsp;deny&nbsp;&quot;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$&quot;
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF003&nbsp;deny&nbsp;&quot;^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$&quot;
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">OUTPUT</A><DD>
<DT><A HREF="#lbAG">EXAMPLE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

4
doc/qsgeo.1.html
View file

@ -5,7 +5,7 @@
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSGEO</H1>
Section: qsgeo man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
Section: qsgeo man page (1)<BR>Updated: January 2025<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
@ -53,7 +53,7 @@ Resolving a single IP address:
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>

67
doc/qsgrep.1.html
View file

@ -1,67 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSGREP</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSGREP</H1>
Section: qsgrep man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsgrep - prints matching patterns within a file.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsgrep -e &lt;pattern&gt; -o &lt;sub string&gt; [&lt;path&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsgrep is a simple tool to search patterns within files. It uses regular expressions to find patterns and prints the submatches within a pre-defined format string.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-e &lt;pattern&gt; <DD>
Specifies the search pattern.
<DT>-o &lt;string&gt; <DD>
Defines the output string where $0-$9 are substituted by the submatches of the regular expression.
<DT>&lt;path&gt; <DD>
Defines the input file to process. qsgrep reads from from standard input if this parameter is omitted.
<P>
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Shows the IP addresses of clients causing mod_qos(031) messages):
<P>
<BR>&nbsp;&nbsp;qsgrep&nbsp;-e&nbsp;'mod_qos\(031\).*,&nbsp;c=([a-zA-Z0-9:.]*)'&nbsp;-o&nbsp;'ip=$1'&nbsp;error_log
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

54
doc/qshead.1.html
View file

@ -1,54 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSHEAD</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSHEAD</H1>
Section: qshead man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qshead - an utility reading from stdin and printing all lines to stdout until reaching the defined pattern.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qshead -p &lt;pattern&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qshead reads lines from stdin and prints them to stdout until a line contains the specified pattern (literal string).
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-p &lt;pattern&gt; <DD>
Search pattern (literal string).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1) <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

4
doc/qslog.1.html
View file

@ -5,7 +5,7 @@
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSLOG</H1>
Section: qslog man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
Section: qslog man page (1)<BR>Updated: January 2025<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
@ -121,7 +121,7 @@ Post processing:
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>

75
doc/qslogger.1.html
View file

@ -1,75 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSLOGGER</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSLOGGER</H1>
Section: qslogger man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qslogger - another shell command interface to the system log module (syslog).
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qslogger [-t &lt;tag&gt;] [-f &lt;facility&gt;] [-l &lt;level&gt;] [-x &lt;prefix&gt;] [-r &lt;expression&gt;] [-d &lt;level&gt;] [-u &lt;name&gt;] [-p]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
Use this utility to forward log messages to the systems syslog facility, e.g., to forward the messages to a remote host. It reads data from stdin.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<P>
<DL COMPACT>
<DT>-t &lt;tag&gt; <DD>
Defines the tag name which shall be used to define the origin of the messages, e.g. 'httpd'.
<DT>-f &lt;facility&gt; <DD>
Defines the syslog facility. Default is 'daemon'.
<DT>-u &lt;name&gt; <DD>
Becomes another user, e.g. www-data.
<DT>-l &lt;level&gt; <DD>
Defines the minimal severity a message must have in order to be forwarded. Default is 'DEBUG' (forwarding everything).
<DT>-x &lt;prefix&gt; <DD>
Allows you to add a prefix (literal string) to every message.
<DT>-r &lt;expression&gt; <DD>
Specifies a regular expression which shall be used to determine the severity (syslog level) for each log line. The default pattern '^\[[0-9a-zA-Z :]+\] \[([a-z]+)\] ' can be used for Apache error log messages but you may configure your own pattern matching other log formats. Use brackets to define the pattern enclosing the severity string. Default level (if severity can't be determined) is defined by the option '-d' (see below).
<DT>-d &lt;level&gt; <DD>
The default severity if the specified pattern (-r) does not match and the message's severity can't be determined. Default is 'NOTICE'.
<DT>-p <DD>
Writes data also to stdout (for piped logging).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;ErrorLog&nbsp;&quot;|/usr/bin/qslogger&nbsp;-t&nbsp;apache&nbsp;-f&nbsp;local7&quot;
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

58
doc/qspng.1.html
View file

@ -1,58 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSPNG</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSPNG</H1>
Section: qspng man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qspng - an utility to draw a png graph from <A HREF="qslog.1.html">qslog</A>(1) output data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qspng -i &lt;stat_log_file&gt; -p &lt;parameter&gt; -o &lt;out_file&gt; [-10]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qspng is a tool to generate png (portable network graphics) raster images files from semicolon separated data generated by the qslog utility. It reads up to the first 1440 entries (24 hours) and prints a graph using the values defined by the 'parameter' name.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;stats_log_file&gt; <DD>
Input file to read data from.
<DT>-p &lt;parameter&gt; <DD>
Parameter name, e.g. r/s or usr.
<DT>-o &lt;out_file&gt; <DD>
Output file name, e.g. stat.png.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

4
doc/qsre.1.html
View file

@ -5,7 +5,7 @@
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSRE</H1>
Section: qsre man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
Section: qsre man page (1)<BR>Updated: January 2025<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
@ -33,7 +33,7 @@ The second argument either defines a regular expression or a path to a file cont
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>

4
doc/qsrespeed.1.html
View file

@ -5,7 +5,7 @@
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSRESPEED</H1>
Section: qsrespeed man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
Section: qsrespeed man page (1)<BR>Updated: January 2025<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
@ -31,7 +31,7 @@ Defines the input file to process. The file consists a list of (separated by a n
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsre.1.html">qsre</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>

86
doc/qsrotate.1.html
View file

@ -1,86 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSROTATE</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSROTATE</H1>
Section: qsrotate man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsrotate - a log rotation tool (similar to Apache's rotatelogs).
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsrotate -o &lt;file&gt; [-s &lt;sec&gt; [-t &lt;hours&gt;]] [-b &lt;bytes&gt;] [-f] [-z] [-g &lt;num&gt;] [-u &lt;name&gt;] [-m &lt;mask&gt;] [-p] [-d]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsrotate reads from stdin (piped log) and writes the data to the provided file rotating the file after the specified time.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-o &lt;file&gt; <DD>
Output log file to write the data to (use an absolute path).
<DT>-s &lt;sec&gt; <DD>
Rotation interval in seconds, default are 86400 seconds.
<DT>-t &lt;hours&gt; <DD>
Offset to UTC (enables also DST support), default is 0.
<DT>-b &lt;bytes&gt; <DD>
File size limitation (default/max. are 2147352576 bytes, min. are 1048576 bytes).
<DT>-f <DD>
Forced log rotation at the specified interval even no data is written.
<DT>-z <DD>
Compress (gzip) the rotated file.
<DT>-g &lt;num&gt; <DD>
Generations (number of files to keep).
<DT>-u &lt;name&gt; <DD>
Become another user, e.g. www-data. -m &lt;mask&gt;
File permission which is either 600, 640, 660 (default) or 664.
<DT>-p <DD>
Writes data also to stdout (for piped logging). -d
Line-by-line data reading prefixing every line with a timestamp.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;TransferLog&nbsp;&quot;|/usr/bin/qsrotate&nbsp;-f&nbsp;-z&nbsp;-g&nbsp;3&nbsp;-o&nbsp;/var/log/apache/access.log&nbsp;-s&nbsp;86400&quot;
<P>
The name of the rotated file will be /dest/filee.YYYYmmddHHMMSS where YYYYmmddHHMMSS is the system time at which the data has been rotated.
<A NAME="lbAG">&nbsp;</A>
<H2>NOTE</H2>
<BR>&nbsp;-&nbsp;Each&nbsp;qsrotate&nbsp;instance&nbsp;must&nbsp;use&nbsp;an&nbsp;individual&nbsp;file.
<BR>&nbsp;-&nbsp;You&nbsp;may&nbsp;trigger&nbsp;a&nbsp;file&nbsp;rotation&nbsp;manually&nbsp;by&nbsp;sending&nbsp;the&nbsp;signal&nbsp;USR1
to the process.
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">NOTE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

79
doc/qssign.1.html
View file

@ -1,79 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSSIGN</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSSIGN</H1>
Section: qssign man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qssign - an utility to sign and verify the integrity of log data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qssign -s|S &lt;secret&gt; [-e] [-v] [-u &lt;name&gt;] [-f &lt;regex&gt;] [-a 'sha1'|'sha256']
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qssign is a log data integrity check tool. It reads log data from stdin (pipe) and writes the data to stdout adding a sequence number and signature to ever log line.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-s &lt;secret&gt; <DD>
Passphrase used to calculate signature.
<DT>-S &lt;program&gt; <DD>
Specifies a program which writes the passphrase to stdout.
<DT>-e <DD>
Writes start/end marker when starting/stopping data signing.
<DT>-v <DD>
Verification mode checking the integrity of signed data.
<DT>-u &lt;name&gt; <DD>
Becomes another user, e.g. www-data.
<DT>-f &lt;regex&gt; <DD>
Filter pattern (case sensitive regular expression) for messages which do not need to be signed.
<DT>-a 'sha1'|'sha256' <DD>
Specifies the algorithm to use. Default is sha1.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Sign:
<P>
<BR>&nbsp;TransferLog&nbsp;&quot;|/usr/bin/qssign&nbsp;-s&nbsp;password&nbsp;-e&nbsp;|/usr/bin/qsrotate&nbsp;-o&nbsp;/var/log/apache/access.log&quot;
<P>
<P>
Verify:
<P>
<BR>&nbsp;cat&nbsp;access.log&nbsp;|&nbsp;qssign&nbsp;-s&nbsp;password&nbsp;-v
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

56
doc/qstail.1.html
View file

@ -1,56 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSTAIL</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSTAIL</H1>
Section: qstail man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qstail - an utility printing the end of a log file starting at the specified pattern.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qstail -i &lt;path&gt; -p &lt;pattern&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qstail shows the end of a log file beginning with the line containing the specified pattern. This may be used to show all lines which has been written after a certain event (e.g., server restart) or time stamp.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;path&gt; <DD>
Input file to read the data from.
<DT>-p &lt;pattern&gt; <DD>
Search pattern (literal string).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>