web/mod-qos
1
0
Fork 0
Code Issues Activity

Adding upstream version 11.74.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-03-24 13:01:01 +01:00
parent fb45dd789e
commit 24ecce9d56
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
92 changed files with 43156 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1947
doc/CHANGES.txt Normal file
View file

File diff suppressed because it is too large Load diff

202
doc/LICENSE.txt Normal file
View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

79
doc/MESSAGES.txt Normal file
View file

@ -0,0 +1,79 @@
mod_qos version 11.74
mod_qos(001): QS_ClientEventLimitCount directives can't be added/removed by graceful restart. A server restart is required to apply the new configuration!
mod_qos(002): failed to create shared memory (ACT)(%s): %s (%lu bytes)
mod_qos(002): failed to create shared memory (client control)(%s): %s (%d bytes)
mod_qos(003): request level rule %s has no concurrent request limitations
mod_qos(004): failed to create mutex (ACT)(%s): %s
mod_qos(004): failed to create mutex (client control)(%s): %s
mod_qos(006): could not compile request header filter rules: %s
mod_qos(006): could not compile response header filter rules: %s
mod_qos(007): calculated MaxClients/MaxRequestWorkers (max connections): %d, applied limit: %d (QS_MaxClients)
mod_qos(008): could not create supervisor thread (%s), disable request rate enforcement
mod_qos(009): could not retrieve mod_ssl functions
mod_qos(009): failed to initialize the qslog facility '%s'
mod_qos(009): found default error document '%s'. Use the QS_ErrorPage directive to override this default page.
mod_qos(009): loaded MPM is '%s' but mod_qos should be used with MPM 'Worker' or 'Event' only.
mod_qos(009): mod_parp not available (required by some directives)
mod_qos(009): mod_unique_id not available (mod_qos generates simple request id if required)
mod_qos(009): running in 'log only' mode - rules are NOT enforced!
mod_qos(009): server version is %d.%d but mod_qos should be used with Apache 2.4 only.
mod_qos(010): access denied%s, QS_LocRequestLimit* rule: %s(%d), concurrent requests=%d, c=%s, id=%s
mod_qos(011): access denied, QS_CondLocRequestLimitMatch rule: %s(%d), concurrent requests=%d, c=%s, id=%s
mod_qos(012): access denied%s, QS_EventRequestLimit rule: %s(%d), concurrent requests=%d, c=%s, id=%s
mod_qos(013): access denied%s, QS_%sEventLimitCount rule: %s, max=%d, current=%d, c=%s, id=%s
mod_qos(021): session cookie verification failed, decoding failed, id=%s
mod_qos(023): session cookie verification failed, expired, id=%s
mod_qos(025): failed to create session cookie, id=%s
mod_qos(030): access denied%s, QS_SrvMaxConn rule: max=%d, concurrent connections=%d, c=%s
mod_qos(031): access denied (previously), QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, message repeated %d times, c=%s
mod_qos(031): access denied%s, QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, c=%s
mod_qos(031): access denied%s, QS_SrvMaxConnPerIP rule: max=%d, concurrent connections=%d, message repeated %d times, c=%s
mod_qos(034): %s, QS_SrvMinDataRate rule (enforce keep-alive), c=%s
mod_qos(034): %s, QS_SrvMinDataRate rule (%s%s): min=%d, this connection=%d, c=%s
mod_qos(035): QS_SrvMaxConn: no free IP slot available! Check log for unclean child exit and consider to do a graceful server restart if this condition persists. You might also increase the number of supported connections using the 'QS_MaxClients' directive.
mod_qos(036): QS_SrvMinDataRate: unexpected connection status! connections=%d, cal. request rate=%d, max. limit=%d. Check log for unclean child exit and consider to do a graceful server restart if this condition persists. You might also increase the number of supported connections using the 'QS_MaxClients' directive.
mod_qos(037): loaded MPM is 'event' and the QS_KeepAliveTimeout/QS_MaxKeepAliveRequests directives can't be used.
mod_qos(038): DSCP, failed to set socket options, QS_Set_DSCP=%s, socket=%s, rc=%d, id=%s
mod_qos(040): access denied, %s rule id: %s (%s), action=%s, c=%s, id=%s
mod_qos(041): access denied, no permit rule match, action=%s, c=%s, id=%s
mod_qos(042): drop %s header%s: '%s: %s', %s, c=%s, id=%s
mod_qos(043): access denied%s, %s header: '%s: %s', %s, c=%s, id=%s
mod_qos(044): access denied%s, QS_LimitRequestBody: invalid content-length header, c=%s, id=%s
mod_qos(044): access denied%s, QS_LimitRequestBody: max=%ld this=%ld, c=%s, id=%s
mod_qos(045): access denied, invalid request line: can't parse uri, c=%s, id=%s
mod_qos(046): access denied, invalid url encoding, action=%s, c=%s, id=%s
mod_qos(047): access denied, reached milestone '%d' (%s), user has already passed '%s', action=%s, c=%s, id=%s
mod_qos(048): access denied, invalid JSON syntax (%s), action=%s, c=%s, id=%s
mod_qos(049): redirect to %s, var=%s, action=%s, c=%s, id=%s
mod_qos(050): request rate limit, rule: %s(%ld), req/sec=%ld, delay=%dms%s
mod_qos(051): request rate limit, rule: %s(%ld), req/sec=%ld, delay=%dms
mod_qos(060): access denied (previously), QS_ClientEventBlockCount rule: max=%d, current=%hu, message repeated %d times, c=%s
mod_qos(060): access denied, QS_ClientEventBlockCount rule: max=%d, current=%hu, age=%ld, c=%s
mod_qos(060): access denied, QS_ClientEventBlockCount rule: max=%d, current=%hu, message repeated %d times, c=%s
mod_qos(060): access denied%s, QS_ClientEventBlockCount rule: max=%d, current=%hu, age=%ld, c=%s
mod_qos(061): request rate limit, rule: QS_Event(%d), req/sec=%ld, delay=%dms%s
mod_qos(062): request rate limit, rule: QS_Event(%d), req/sec=%ld, delay=%dms
mod_qos(065): access denied%s, QS_ClientEventRequestLimit rule: max=%d, current=%d, c=%s, id=%s
mod_qos(066): access denied%s, QS_ClientPrefer rule (penalty=%d 0x%02x): max=%d, concurrent connections=%d, c=%s
mod_qos(067): access denied%s, QS_%sClientEventLimitCount rule: event=%s, max=%hu, current=%hu, age=%ld, c=%s
mod_qos(068): QS_ClientSerialize exceeds limit of 5 minutes, c=%s, id=%s
mod_qos(068): QS_SrvSerialize exceeds limit of %d seconds, id=%s
mod_qos(069): no valid IP header found (@%s): header '%s' not available, fallback to connection's IP %s, id=%s
mod_qos(069): no valid IP header found (@%s): invalid header value '%s', fallback to connection's IP %s, id=%s
mod_qos(070): console, not acceptable, client data store has not been enabled, id=%s
mod_qos(070): console, not acceptable, invalid ip/wrong format, id=%s
mod_qos(070): console, not acceptable, missing request query (action/address), id=%s
mod_qos(070): console, not acceptable, qos client control has not been activated, id=%s
mod_qos(070): console, not acceptable, unknown action '%s', id=%s
mod_qos(071): console, action '%s' applied to client ip entry '%s', id=%s
mod_qos(071): console, add new client ip entry '%s', is=%s
mod_qos(072): handler has been disabled for this host, id=%s
mod_qos(080): Can't generate random data, id=%s
mod_qos(083): Can't generate random data.
mod_qos(100): QS_ClientGeoCountryDB has not been configured
mod_qos(101): access denied%s, QS_ClientGeoCountryPriv rule: max=%d, concurrent connections=%d, c=%s country=%s
mod_qos(147): access denied, reached milestone '%d' (%s), earlier than expected (right after %ld instead of %d seconds), action=%s, c=%s, id=%s
mod_qos(166): unexpected connection dispatching, skipping connection counter update for QS_ClientPrefer rule, c=%s
mod_qos(167): closing connection at process connection hook, c=%s
mod_qos(200): { "scoreboard": { "open": %d, "waiting": %d, "read": %d, "write": %d, "keepalive": %d, "start": %d, "log": %d, "dns": %d, "closing": %d, "finishing": %d, "idle": %d }, "maxclients": { "max": %d, "busy": %d%s }%s }
mod_qos(210): ENV %s %s %s

BIN
doc/favicon.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.4 KiB

603
doc/glossary.html Normal file
View file

@ -0,0 +1,603 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>mod_qos - Additional Information</title>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<meta name="author" content="Pascal Buchbinder" />
<meta name="KeyWords" content="mod_qos, Quality of Service, Apache Web Server" />
<link rel="shortcut icon" href="favicon.ico" />
<style TYPE="text/css">
<!--
body {
background-color: white;
color: black;
font-family: sans-serif, arial, verdana;
font-weight: normal;
text-align: left;
}
a:link { color:#00673F; text-decoration:none; }
a:visited { color:#00673F; text-decoration:none; }
a:focus { color:black; text-decoration:underline; }
a:hover { color:black; text-decoration:underline; }
a:active { color:black; text-decoration:underline; }
syntax { font-family: monospace; font-size: 14; line-height: 1.6; }
.btable { font-size:0.75em; }
-->
</style>
</head>
<body>
<!--
Quality of service module for Apache Web Server.
See http://mod-qos.sourceforge.net/ for further details.
Copyright (C) 2023 Pascal Buchbinder
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<table>
<tbody>
<tr><td><a href="index.html"><img src="images/mod_qos.gif" alt="mod_qos" title="mod_qos" /></a></td>
<td style="vertical-align: bottom;"><h1>Additional Information</h1></td></tr>
<tr><td>&nbsp;</td>
<td>
<p>
This page gives you additional information on certain aspects of
<a href="index.html">mod_qos</a> to get a better understanding about
how to use the module.
</p>
<hr>
<p>
<ul>
<li><a href="#directives">Directives</a></li>
<li><a href="#rules">Rules</a></li>
<li><a href="#variables">Environment Variables</a></li>
<li><a href="#concurrency">Concurrency Counter</a></li>
<ul>
<li><a href="#QS_LocRequestLimit_Example">Sample Use Case</a></li>
</ul>
<li><a href="#repeat">Repeat Counter</a></li>
<li><a href="#throughput">Throughput Control</a></li>
<ul>
<li><a href="#requestPerSecond">Requests per Second</a></li>
</ul>
<li><a href="#serialization">Serialization</a></li>
<li><a href="#ssi">Error Pages and Server Side Includes (SSI)</a></li>
<li><a href="#UserTracking">User Tracking</a></li>
<li><a href="#RequestStatistics">Request Statistics Using <i>qslog</i></a></li>
</ul>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="directives"></a>
<h2>Directives</h2>
<p>
The module is configured by directives. All directives process the
connection, HTTP request, and response data in a pre-defined sequence.
The following graph shows the order in which the directives work.
</p>
<p>
<a href="images/directive_seq.gif"><img src="images/directive_seq.gif" height="435" width="558" title="directive sequence" alt="directive sequence"/></a>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="rules"></a>
<h2>Rules</h2>
<p>
<a href="index.html">mod_qos</a> allows you to configure different kind of
rules. The main component of a rule is its counter. A rule measures either
the <a href="#concurrency">concurrency</a> (how many times something happens
at the same time), the <a href="#repeat">occurrence </a> (how often does
something happen in a certain amount of time), or the
<a href="#throughput">throughput</a> (sent amount of data or number of
request) and stores this information within that counter.</p>
<p>
Every rule has it's own threshold and maintains its own counter. A rule
is identified by either an URL pattern/matching string or by an
<a href="#variables">environment variable name</a>.
You can configure as many rules as you want. </p>
<img src="images/Rule.png" height="164" width="514" alt="Rule" />
<p>
<i>Note: Some counters are only available once. This applies to the counters of
the rules using the
<code><a href="index.html#QS_Block">QS_Block</a></code>,
<code><a href="index.html#QS_SrvSerialize_var">QS_SrvSerialize</a></code>, and
<code><a href="index.html#QS_Serialize">QS_Serialize</a></code>
<a href="#variables">environment variables</a>.
</i>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="variables"></a>
<h2>Environment Variables</h2>
<p>
The Apache web server provides a mechanism for storing information
in so called <i>environment variables</i>. <a href="index.html">mod_qos</a> uses these
variables to exchange data respectively signalize events between
<a href="#rules">different rules</a> defined by the
<a href="#directives">corresponding directive</a>. These
variables can also be written or read by other Apache modules, such as
<a href="http://modsetenvifplus.sourceforge.net/">mod_setenvifplus <img src="images/link.png"/></a>
or <a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html">mod_setenvif <img src="images/link.png"/></a>.
</p>
<p>Example:<br>
The <code><a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif">SetEnvIf <img src="images/link.png"/></a></code> directive
is used to set the <i>LimitLogin</i> variable if the request line matches
the <code>^/wp-login.php</code> pattern while the
<a href="index.html#QS_ClientEventLimitCount"><code>QS_ClientEventLimitCount</code></a>
directives increments the <a href="#repeat">repeat counter</a> having the same name
if the variable is present.
<br>
<img src="images/Events.png" height="396" width="795" alt="Event set by SetEnvIf and processed by QS_ClientEventLimitCount" />
</p>
<p>It is also possible to write the values of these variables to your log
file using the format string <code>%{VARNAME}e</code> within the
<code><a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">TransferLog/CustomLog <img src="images/link.png"/></a></code>
directives. Or you can use them within error pages using
<a href="#ssi">server-side includes (SSI)</a>.
</p>
<p>
<i>Note: Whenever you use a directive (such as
<code><a href="http://modsetenvifplus.sourceforge.net/#SetEnvIfPlus">SetEnvIfPlus <img src="images/link.png"/></a></code>) which can either process request attributes (such
as HTTP headers) or environment variables, you must make sure that
a client can not bypass your rules by sending a request header
with the same name as the environment variable used in your configuration.
Use either the <a href="index.html#QS_RequestHeaderFilter">request header filter</a>
or the <code><a href="index.html#QS_UnsetReqHeader">QS_UnsetReqHeader</a></code>
directive to prevent anyone from sending a request header with the same name as
the variable you have defined.
</i></p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="concurrency"></a>
<h2>Concurrency Counter</h2>
<p>
A "concurrency counter" is used to determine how many times something
happens at the same time (concurrent), e.g. HTTP requests accessing the same
resource/URL at the same time. The rules using this counter type are either
defined by an <a href="#variables">environment variable name</a> or an
URL pattern (regular expression or a string matching the request's URL).
Such a rule automatically increments the counter when the Apache web server
starts to process a matching request and decrements the counter when the
request processing is completed.
</p>
<p>
You have to configure a threshold and the rule's variable name resp. URL
pattern. Requests (or new connections) are denied as soon as the configured
threshold is reached.
</p>
<p>
Directives using this counter type are:
<ul>
<li><a href="index.html#QS_LocRequestLimitMatch"><syntax>QS_LocRequestLimitMatch</syntax></a></li>
<li><a href="index.html#QS_LocRequestLimit"><syntax>QS_LocRequestLimit</syntax></a></li>
<li><a href="index.html#QS_CondLocRequestLimitMatch"><syntax>QS_CondLocRequestLimitMatch</syntax></a></li>
<li><a href="index.html#QS_EventRequestLimit"><syntax>QS_EventRequestLimit</syntax></a></li>
<li><a href="index.html#QS_ClientEventRequestLimit"><syntax>QS_ClientEventRequestLimit</syntax></a></li>
</ul>
Also the
<a href="index.html#QS_SrvMaxConn"><code>QS_SrvMaxConn</code></a>,
<a href="index.html#QS_SrvMaxConnClose"><code>QS_SrvMaxConnClose</code></a>, and
<a href="index.html#QS_SrvMaxConnPerIP"><code>QS_SrvMaxConnPerIP</code></a>
directives use this counter type, although with fewer parameter options.
</p>
<p>
<a name="QS_LocRequestLimit_Example"></a>
<h4>Sample Use Case</h4>
Now let us look at an example to show where these rules can be used.
Let's assume that you have two applications. We call them
"<font color="green">A</font>" and "<font color="blue">B</font>".
Application "<font color="green">A</font>" has been deployed on
path <code>/app/a</code> and "<font color="blue">B</font>"
on <code>/app/b</code>.
<table width="780px">
<tr>
<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>
As long as the server has enough resources, users can access both
applications the same time without influencing each other.<br>
All requests are processed quickly and the workers (w) become free
again to serve new requests.
<br><br>
</td>
<td>
<small>&nbsp;</small> <img src="images/qsloc1.png" height="216" width="408" alt="trouble-free"/>
</td>
</tr>
<tr>
<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>
But if the application "<font color="blue">B</font>" becomes slow,
the duration of request processing increases and all workers (w) become busy.
There are no free workers left and application
"<font color="green">A</font>" becomes unavailable because of that.
<br><br>
</td>
<td>
<img src="images/qsloc2.png" height="212" width="422" alt="disruption"/>
</td>
</tr>
<tr>
<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>
A <a href="index.html#QS_LocRequestLimit"><code>QS_LocRequestLimit</code></a> or
<a href="index.html#QS_LocRequestLimitMatch"><code>QS_LocRequestLimitMatch</code></a>
rule can help in such a situation. mod_qos limits the
number of requests to application "<font color="blue">B</font>"
so that application "<font color="green">A</font>" remains
available even if application "<font color="blue">B</font>"
has performance problems.
</td>
<td>
<img src="images/qsloc3.png" height="244" width="422" alt="disruption"/>
</td>
</tr>
</table>
<br>
Such a scenario can occur due to various infrastructure problems,
e.g., by slow database queries.<br> A similar situation can also
arise through an external influence: if someone penetrates application
"<font color="blue">B</font>" with a <i>HTTP GET / POST flood DoS attack</i>,
then application "<font color="green">A</font>" could also become
unreachable.
A <a href="index.html#QS_LocRequestLimit"><code>QS_LocRequestLimit</code></a>
rule can prevent this.
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="repeat"></a>
<h2>Repeat Counter</h2>
<p>
"Repeat counters" limit the number how often (Cr) something is allowed to
happen in a certain amount of time (Td). These rules trigger a timer whenever
the defined event occurs the first time and start to count every subsequent event
until the timer expires. If the event counter reaches the defined limitation,
requests are blocked until the time is up.
</p>
<p>
<img src="images/LimitCount.png" height="432" width="576" alt="reapet counter"/>
</p>
<p>
All repeat counters allow you to define an event which shall
increment the counter if they occur. You also have to configure a
duration Td and the threshold Cr, defining how many events are
allowed within the time Td.</p>
<p>Directive parameter example:<br>
<img src="images/LimitCountExample.png" height="165" width="574" alt="QS_ClientEventLimitCount" />
</p>
<p>
While the counter is automatically cleared (set to 0) when the
time Td is up, you might also configure additional events to
<a href="index.html#_Decrement">decrement</a> or
<a href="index.html#_Clear">clear</a> the counter earlier.
</p>
<p>
The directives using this counter type are:
<ul>
<li><a href="index.html#QS_EventLimitCount"><syntax>QS_EventLimitCount</syntax></a></li>
<li><a href="index.html#QS_CondEventLimitCount"><syntax>QS_CondEventLimitCount</syntax></a></li>
<li><a href="index.html#QS_ClientEventLimitCount"><syntax>QS_ClientEventLimitCount</syntax></a></li>
<li><a href="index.html#QS_CondClientEventLimitCount"><syntax>QS_CondClientEventLimitCount</syntax></a></li>
<li><a href="index.html#QS_ClientEventBlockCount"><syntax>QS_ClientEventBlockCount</syntax></a></li>
</ul>
<i>Note: Some directives support the increase of the counter by more than "1"
taking the variable's value into account.</i>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="throughput"></a>
<h2>Throughput Control</h2>
<p>
Throughput control is implemented by measuring the current usage and
calculating a necessary delay which needs to be applied to the
data processing in order to achieve the desired limitation (closed
loop control system).
</p>
<p>
<img src="images/ClosedLoop.png" height="216" width="478" alt="closed loop"/>
</p>
<p>
<a href="index.html">mod_qos</a> can limit the bandwidth when downloading
data from your web server to the client. This throughput control can
be configured by the following directives:
<ul>
<li><a href="index.html#QS_LocKBytesPerSecLimitMatch"><syntax>QS_LocKBytesPerSecLimitMatch</syntax></a></li>
<li><a href="index.html#QS_LocKBytesPerSecLimit"><syntax>QS_LocKBytesPerSecLimit</syntax></a></li>
<li><a href="index.html#QS_EventKBytesPerSecLimit"><syntax>QS_EventKBytesPerSecLimit</syntax></a></li>
</ul>
<i>Note: Throughput control should always be used with a <a href="#concurrency">concurrency counter</a>
because the added delay increases the number of simultaneous requests.
</i></p>
<a name="requestPerSecond"></a>
<h3>Requests per Second</h3>
<p>
It is also possible to limit the number or requests per second to a
resource. This control function is less accurate than the bandwidth
limitation, since the measurement of the request rate takes longer
(several seconds) and the request delay is more coarse-grained.<br>
The following directive can be used to limit the number of requests
per second:
<ul>
<li><a href="index.html#QS_LocRequestPerSecLimitMatch"><syntax>QS_LocRequestPerSecLimitMatch</syntax></a></li>
<li><a href="index.html#QS_LocRequestPerSecLimit"><syntax>QS_LocRequestPerSecLimit</syntax></a></li>
<li><a href="index.html#QS_EventPerSecLimit"><syntax>QS_EventPerSecLimit</syntax></a></li>
<li><a href="index.html#QS_ClientEventPerSecLimit"><syntax>QS_ClientEventPerSecLimit</syntax></a></li>
</ul>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="serialization"></a>
<h2>Serialization</h2>
<p>
<a href="index.html">mod_qos</a> offers you the option to serialize requests.
Serialization means, that requests are processed one after the other. Incoming
requests are queued if another request is in process and have to wait until
the previous request is finished.
</p>
<p>
<img src="images/Serialization.png" height="336" width="570" alt="serialization"/>
</p>
<p>
Requests, which shall be serialized, are tagged by one of the following
<a href="#variables">environment variables</a>:
<ul>
<li><syntax><a href="index.html#QS_SrvSerialize_var">QS_SrvSerialize</a></syntax></li>
<li><syntax><a href="index.html#QS_Serialize">QS_Serialize</a></syntax></li>
</ul>
</p>
<p>
Serialization might be applied on a per
<a href="index.html#QS_SrvSerialize">server level</a> (serializing all HTTP
requests) or on a <a href="index.html#QS_ClientSerialize">per client level</a>
(serializing multiple requests coming from the same client/IP address).
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="ssi"></a>
<a name="SSI"></a>
<h2>Error Pages and Server Side Includes (SSI)</h2>
<p>
Custom error documents to be used by <a href="index.html">mod_qos</a>
are either configured using the
<code><a href="index.html#QS_ErrorPage">QS_ErrorPage</a></code> directive
or the <code><a href="index.html#QS_ErrorPage_Var">QS_ErrorPage</a></code>
variable.<br>
You may also use Apache's <a href="http://httpd.apache.org/docs/current/howto/ssi.html">server-side includes (SSI) <img src="images/link.png"/></a> to generate the content
of the error document dynamically. The <a href="index.html#errorlog">error codes</a> and
other <a href="index.html#variables">variables</a> set by
<a href="index.html">mod_qos</a> can be used.
</p>
<p>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
Sample configuration:<br>
<pre>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
QS_ErrorPage <a href="#qs_error.shtml">/errorpages/qs_error.shtml</a>
</pre>
</td></tr>
</table>
</p>
<p>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2"><a name="qs_error.shtml"></a>
Sample page:<br>
<pre>
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"&gt;
&lt;html&gt;
&lt;head&gt;
&lt;!--
-- mod_qos sample SSI error page (Apache 2.4)
--&gt;
&lt;meta http-equiv="Cache-Control" content="no-cache, no-store"/&gt;
&lt;meta http-equiv="expires" content="0" /&gt;
&lt;title&gt;ERROR - &lt;!--#echo var="REDIRECT_ERROR_NOTES" --&gt;&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;p&gt;
&lt;b&gt;&lt;i&gt;sorry - the server was unable to complete your request&lt;/i&gt;&lt;/b&gt;
&lt;/p&gt;
&lt;p&gt;
code: mod_qos(&lt;!--#echo var="<a href="index.html#QS_ErrorNotes">QS_ErrorNotes</a>" --&gt;)&lt;br&gt;
&lt;!--#if expr="v('REDIRECT_ERROR_NOTES') =~ /00[0-9]/" --&gt;
reason: initialisation failure
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /0[18][0-9]/" --&gt;
reason: request rule
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /03[0-9]/" --&gt;
reason: connection rule
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /[01]4[0-9]/" --&gt;
reason: request filter
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /05[0-9]/" --&gt;
reason: bandwidth limitation
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /[01]6[0-9]/" --&gt;
reason: client limitation &lt;br&gt;
remaining time: &lt;span id="remaining"&gt;&lt;!--#echo var="<a href="index.html#QS_Limit_Remaining">QS_Limit_Remaining</a>" --&gt;&lt;/span&gt; seconds
&lt;script type="text/javascript"&gt;
&lt;!--
setInterval(function () {
var msg = document.getElementById('remaining');
if(msg) {
var value = msg.innerHTML;
var remainTime = value - 1;
if(remainTime &lt; 0) {
window.location = window.location.pathname;
} else {
msg.innerHTML = remainTime;
}
}
}, 1000);
//--&gt;
&lt;/script&gt;
&lt;!--#elif expr="v('REDIRECT_ERROR_NOTES') =~ /10[0-9]/" --&gt;
reason: GEO location limitation
&lt;!--#else --&gt;
reason: generic failure
&lt;!--#endif --&gt;
&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>
</td></tr>
</table>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="UserTracking"></a>
<a name="QS_UserTrackingCookieName"></a>
<h2>User Tracking</h2>
<p>
It might be necessary to identify individual users to define appropriate QoS
rules. For this reason, <a href="index.html">mod_qos</a> can set a cookie
containing a unique identifier. This identifier is then written to the
<code><a href="index.html#mod_qos_user_id">mod_qos_user_id</a></code>
environment variable and you can add it to your log files by the
format string <code>%{mod_qos_user_id}e</code>. This allows you to identify
all requests issued by a user.</p>
<p>
This feature is enabled by the following directive:
<ul>
<li><syntax>QS_UserTrackingCookieName &lt;name&gt; [&lt;path&gt;] [&lt;domain&gt;] ['session'] ['jsredirect']</syntax><br>
The parameter "name" defines the cookie's name and "domain" (optional)
the domain attribute for the Set-Cookie header. The string "session" can
be defined if the cookie should not be stored by the session (but can
be deleted when the user closes this browser).
</li>
</ul>
You can also enforce the browser to support cookies by specifying the
"path" parameter for the <code>QS_UserTrackingCookieName</code> directive.
This parameter defines an error document and mod_qos
answers the request with a redirect (302) to this document when setting
the cookie initially. The browser will follow the redirect and mod_qos
redirects the browser back to the initially requested page if the request
to this error document contains the tracking cookie. If the browser did not
send the cookie, the error document is shown.
</p>
<p> <img src="images/UserTracking.png" height="386" width="410" alt="user tracking cookie enforcement"/></p>
<p>
<i>Note: You can exclude certain clients from this enforcement by
setting the <code>DISABLE_UTC_ENFORCEMENT</code>
<a href="#variables">environment variable</a>
at server level (outside Location), e.g., to allow crawlers not
supporting cookies to access your site.</i>
</p>
<p>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
Sample configuration:<br>
<pre>
<a href="index.html#QS_UserTrackingCookieName">QS_UserTrackingCookieName</a> qstrack <a href="#cookiecheck">/errorpages/cookiecheck.html</a> session
<a href="index.html#QS_SessionKey">QS_SessionKey</a> sB.F4_0%D700ahXT2
</pre>
</td></tr>
</table>
</p>
<p>
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2"><a name="cookiecheck"></a>
Sample page:<br>
<pre>
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"&gt;
&lt;html&gt;
&lt;head&gt;
&lt;meta http-equiv="Cache-Control" content="no-cache, no-store"/&gt;
&lt;meta http-equiv="expires" content="0" /&gt;
&lt;title&gt;Cookie Check Page&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;h1&gt;Cookie Check Failed&lt;/h1&gt;
&lt;p&gt;
Please enable cookies in your browser.&lt;br&gt;
Bitte schalten Sie in Ihrem Browser Cookies ein.&lt;br&gt;
Activez les cookies dans votre navigateur, s'il vous pla&amp;icirc;t.&lt;br&gt;
Por favor active las cookies en su navegador.&lt;br&gt;
Si prega di attivare i cookies nel proprio browser.&lt;br&gt;
&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>
</td></tr>
</table>
</p>
<!-- --------------------------------------------------------- -->
<hr>
<a name="qslog"></a>
<a name="RequestStatistics"></a>
<h2>Request Statistics Using <i>qslog</i></h2>
<p>
<code><a href="qslog.1.html">qslog</a></code> is a command line tool to
generate usage statistics data from log files. It can generate the data in
real time if defined within your Apache's server configuration.
<table border="0" cellspacing="5" cellpadding="10" width="100%">
<tr><td bgcolor="#E2EDE2">
Sample configuration:<br>
<pre>
CustomLog "|/usr/bin/qslog -o logs/qslog.csv -x -f ISBDk" "%h %&gt;s %b %D %k"
</pre>
</td></tr>
</table>
</p><p>
Or you can use it to process any existing log file using the post processing
option <code>-p</code>. This does not only work for
<a href="http://httpd.apache.org/docs/current/mod/mod_log_config.html">Apache log <img src="images/link.png"/></a> files but for any other log file as well. You just have to know what's in the log
and configure the format string argument <code>-f</code> of the
<code><a href="qslog.1.html">qslog</a></code> command accordingly.
</p>
<p>
Example:<br>
<img src="images/qslogFormat.png" height="381" width="738" alt="log format definition"/>
</p>
<p>
The output shows the data as a function of time: a summary of what happened every minute.
Each line includes all measured values as semicolon spearated name/value pairs (CSV).
</p>
<p>
You can use the spreadsheet program of your choice to process the output:<br><br>
<img src="images/qslog_spreadsheet_example.png" height="413" width="850" alt="spreadsheet"/>
</p>
<!-- --------------------------------------------------------- -->
</td></tr>
</tbody>
</table>
<br>
<hr>
<SMALL><SMALL>&copy; 2023, Pascal Buchbinder</SMALL></SMALL>
</body>
</html>

97
doc/headerfilterrules.txt Normal file
View file

@ -0,0 +1,97 @@
QS_RequestHeaderFilter rules:
name=Accept, action=drop, size=300, pattern=^([a-zA-Z0-9_*+-]+/[a-zA-Z0-9_*+.-]+(;[ ]?[a-zA-Z0-9]+=[0-9]+)?[ ]?(;[ ]?[qv]=[a-z0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9_*+-]+/[a-zA-Z0-9_*+.-]+(;[ ]?[a-zA-Z0-9]+=[0-9]+)?[ ]?(;[ ]?[qv]=[a-z0-9.]+)?))*$
name=Accept-Charset, action=drop, size=300, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$
name=Accept-Encoding, action=drop, size=500, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$
name=Accept-Language, action=drop, size=200, pattern=^([a-zA-Z*-]+[0-9]{0,3}(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z*-]+[0-9]{0,3}(;[ ]?q=[0-9.]+)?))*$
name=Access-Control-Request-Method, action=drop, size=10, pattern=^[a-zA-Z]+$
name=Access-Control-Request-Headers, action=drop, size=500, pattern=^([a-zA-Z0-9-]+){1}([ ]?,[ ]?([a-zA-Z0-9-]+))*$
name=Authorization, action=drop, size=4000, pattern=^[a-zA-Z0-9 +/$=:]+$
name=Cache-Control, action=drop, size=100, pattern=^(no-cache|no-store|max-age=[0-9]+|max-stale(=[0-9]+)?|min-fresh=[0-9]+|no-transform|only-if-chached){1}([ ]?,[ ]?(no-cache|no-store|max-age=[0-9]+|max-stale(=[0-9]+)?|min-fresh=[0-9]+|no-transform|only-if-chached))*$
name=Connection, action=drop, size=100, pattern=^([teTE]+,[ ]?)?([a-zA-Z0-9-]+){1}([ ]?,[ ]?([teTE]+))?$
name=Content-Encoding, action=deny, size=100, pattern=^[a-zA-Z0-9-]+(,[ ]*[a-zA-Z0-9-]+)*$
name=Content-Language, action=drop, size=100, pattern=^([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*)(,[ ]*([0-9a-zA-Z]{0,8}(-[0-9a-zA-Z]{0,8})*))*$
name=Content-Length, action=deny, size=10, pattern=^[0-9]+$
name=Content-Location, action=deny, size=200, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$
name=Content-md5, action=deny, size=50, pattern=^[a-zA-Z0-9 +/$=:]+$
name=Content-Range, action=deny, size=50, pattern=^(bytes[ ]+([0-9]+-[0-9]+)/([0-9]+|\*))$
name=Content-Type, action=deny, size=200, pattern=^(["a-zA-Z0-9*/; =-]+){1}([ ]?,[ ]?(["a-zA-Z0-9*/; =-]+))*$
name=Cookie, action=drop, size=3000, pattern=^[:/?#\[\]@!$&'()*+,;="a-zA-Z0-9._~% -]+$
name=Cookie2, action=drop, size=3000, pattern=^[:/?#\[\]@!$&'()*+,;="a-zA-Z0-9._~% -]+$
name=DNT, action=drop, size=3, pattern=^[0-9]+$
name=Expect, action=drop, size=200, pattern=^[a-zA-Z0-9= ;.,-]+$
name=From, action=drop, size=100, pattern=^[a-zA-Z0-9=@;.,()-]+$
name=Host, action=drop, size=100, pattern=^[a-zA-Z0-9.-]+(:[0-9]+)?$
name=If-Invalid, action=drop, size=500, pattern=^[a-zA-Z0-9_.:;() /+!-]+$
name=If-Match, action=drop, size=100, pattern=^(W/)?[a-zA-Z0-9=@;.,*"-]+$
name=If-Modified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$
name=If-None-Match, action=drop, size=100, pattern=^(W/)?[a-zA-Z0-9=@;.,*"-]+$
name=If-Range, action=drop, size=100, pattern=^[a-zA-Z0-9=@;.,*"-]+$
name=If-Unmodified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$
name=If-Valid, action=drop, size=500, pattern=^[a-zA-Z0-9_.:;() /+!-]+$
name=Keep-Alive, action=drop, size=20, pattern=^[0-9]+$
name=Max-Forwards, action=drop, size=20, pattern=^[0-9]+$
name=Origin, action=drop, size=2000, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$
name=Proxy-Authorization, action=drop, size=400, pattern=^[a-zA-Z0-9 +/$=:]+$
name=Pragma, action=drop, size=200, pattern=^[a-zA-Z0-9= ;.,-]+$
name=Range, action=drop, size=200, pattern=^[a-zA-Z0-9=_.:;() /+!-]+$
name=Referer, action=drop, size=2000, pattern=^[:/?#\[\]@!$&'()*+,;=a-zA-Z0-9._~% -]+$
name=TE, action=drop, size=100, pattern=^([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?){1}([ ]?,[ ]?([a-zA-Z0-9*-]+(;[ ]?q=[0-9.]+)?))*$
name=Transfer-Encoding, action=deny, size=100, pattern=^(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity)([ ]?,[ ]?(chunked|Chunked|compress|Compress|deflate|Deflate|gzip|Gzip|identity|Identity))*$
name=Unless-Modified-Since, action=drop, size=100, pattern=^[a-zA-Z0-9 :,]+$
name=User-Agent, action=drop, size=300, pattern=^[a-zA-Z0-9]+[a-zA-Z0-9_.:;()\[\]@ /+!=,-]+$
name=Upgrade-Insecure-Requests, action=drop, size=1, pattern=^1$
name=Via, action=drop, size=100, pattern=^[a-zA-Z0-9_.:;() /+!-]+$
name=X-Forwarded-For, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+(, [a-zA-Z0-9_.:-]+)*$
name=X-Forwarded-Host, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+$
name=X-Forwarded-Server, action=drop, size=100, pattern=^[a-zA-Z0-9_.:-]+$
name=X-lori-time-1, action=drop, size=20, pattern=^[0-9]+$
name=X-Do-Not-Track, action=drop, size=20, pattern=^[0-9]+$
QS_ResponseHeaderFilter rules:
name=Age, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Accept-Ranges, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Allow-Origin, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Allow-Methods, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Allow-Headers, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Max-Age, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Allow-Credentials, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Access-Control-Expose-Headers, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Allow, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Cache-Control, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Disposition, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Encoding, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Language, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Length, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Location, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-MD5, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Range, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Content-Security-Policy, action=drop, size=8000, pattern=^[\x20-\xFF]*$
name=Content-Type, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Connection, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Date, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=ETag, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Expect, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Expires, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Keep-Alive, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Last-Modified, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Location, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Proxy-Authenticate, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Public-Key-Pins, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Public-Key-Pins-Report-Only, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Retry-After, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Pragma, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Server, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Set-Cookie, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Set-Cookie2, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Strict-Transport-Security, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=Vary, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=WWW-Authenticate, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=X-Content-Security-Policy, action=drop, size=8000, pattern=^[\x20-\xFF]*$
name=X-Content-Type-Options, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=X-Frame-Options, action=drop, size=4000, pattern=^[\x20-\xFF]*$
name=X-XSS-Protection, action=drop, size=4000, pattern=^[\x20-\xFF]*$
mod_qos 11.74

BIN
doc/images/ClientPrefer.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
doc/images/ClosedLoop.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
doc/images/Events.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
doc/images/LimitCount.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
doc/images/LimitCountExample.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
doc/images/QS_ClientEventBlockCount.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 35 KiB

BIN
doc/images/Rule.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
doc/images/Serialization.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
doc/images/SrvMinDataRate.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
doc/images/UserTracking.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
doc/images/directive_seq.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 182 KiB

BIN
doc/images/download.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.2 KiB

BIN
doc/images/link.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 208 B

BIN
doc/images/mod_qos.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.7 KiB

BIN
doc/images/qsloc.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 81 KiB

BIN
doc/images/qsloc1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
doc/images/qsloc2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
doc/images/qsloc3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
doc/images/qslogFormat.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
doc/images/qslog_spreadsheet_example.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 219 KiB

2751
doc/index.html Normal file
View file

File diff suppressed because it is too large Load diff

85
doc/qsdt.1.html Normal file
View file

@ -0,0 +1,85 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSDT</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSDT</H1>
Section: qsdt man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsdt calculates the elapsed time between two related log messages.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsdt [-t &lt;regex&gt;] -i &lt;regex&gt; -s &lt;regex&gt; -e &lt;regex&gt; [-v] [&lt;path&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsdt is a simple tool to search two different messages in a log file and calculates the elapsed time between these lines. The two log messages need a common identifier such an unique request id (UNIQUE_ID), a thread id, or a transaction code.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-t &lt;regex&gt; <DD>
Defines a pattern (regular expression) matching the log line's timestamp. The pattern must include two sub-expressions, one matching hours, minutes and seconds the other matching the milliseconds. Default pattern is ([0-9]{2}:[0-9]{2}:[0-9]{2})[.,]([0-9]{3})
<DT>-i &lt;regex&gt; <DD>
Pattern (regular expression) matching the identifier which the two messages have in common. The sub-expression defines the part which needs to be extracted from the matching string. Note: You can also use the start (-s) and end (-e) pattern to define the sub-expression matching this identifier.
<DT>-s &lt;regex&gt; <DD>
Defines the pattern (regular expression or literal string) identifying the first (start) of the two messages.
<DT>-e &lt;regex&gt; <DD>
Defines the pattern (regular expression or literal string) identifying the second (end) of the two messages.
<DT>-v <DD>
Verbose mode.
<DT>&lt;path&gt; <DD>
Defines the input file to process. qsdt reads from from standard input if this parameter is omitted.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Sample command line arguments:
<P>
<BR>&nbsp;&nbsp;-i&nbsp;'&nbsp;([a-z0-9]+)&nbsp;[A-Z]+&nbsp;'&nbsp;-s&nbsp;'Received&nbsp;Request'&nbsp;-e&nbsp;'Received&nbsp;Response'
<P>
<BR>&nbsp;matching&nbsp;those&nbsp;sample&nbsp;log&nbsp;messages:
<BR>&nbsp;&nbsp;2018-03-12&nbsp;16:34:08.653&nbsp;threadid23&nbsp;INFO&nbsp;Received&nbsp;Request
<BR>&nbsp;&nbsp;2018-03-13&nbsp;16:35:09.891&nbsp;threadid23&nbsp;DEBUG&nbsp;MessageHandler&nbsp;Received&nbsp;Response
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>NOTE</H2>
The four patterns (t,i,s,e) are concatenated into two search patterns:
<BR>&nbsp;first&nbsp;(start):&nbsp;[t&nbsp;(HH:MM:SS)(SSS)&nbsp;].*[i&nbsp;(id)&nbsp;].*[s&nbsp;]
<BR>&nbsp;second&nbsp;(end):&nbsp;&nbsp;[t&nbsp;(HH:MM:SS)(SSS)&nbsp;].*[i&nbsp;(id)&nbsp;].*[e&nbsp;]
<P>
And the three sub-expression are used to extract the timestamp and the unique identifier that the start and end message have in common. This means that you could specify the sub-expression for the unique identifier in the start (-s) or end (-e) pattern alternatively, e.g. in case the identifier is at the end of the log line.
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">NOTE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

72
doc/qsexec.1.html Normal file
View file

@ -0,0 +1,72 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSEXEC</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSEXEC</H1>
Section: qsexec man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsexec - parses the data received via stdin and executes the defined command on a pattern match.
<P>
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsexec -e &lt;pattern&gt; [-t &lt;number&gt;:&lt;sec&gt;] [-c &lt;pattern&gt; [&lt;command string&gt;]] [-p] [-u &lt;user&gt;] &lt;command string&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsexec reads log lines from stdin and searches for the defined pattern. It executes the defined command string on pattern match.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-e &lt;pattern&gt; <DD>
Specifies the search pattern causing an event which shall trigger the command.
<DT>-t &lt;number&gt;:&lt;sec&gt; <DD>
Defines the number of pattern match within the the defined number of seconds in order to trigger the command execution. By default, every pattern match causes a command execution.
<DT>-c &lt;pattern&gt; [&lt;command string&gt;] <DD>
Pattern which clears the event counter. Executes optionally a command if an event command has been executed before.
<DT>-p <DD>
Writes data also to stdout (for piped logging).
<DT>-u &lt;name&gt; <DD>
Become another user, e.g. www-data.
<DT>&lt;command string&gt; <DD>
Defines the event command string where $0-$9 are substituted by the submatches of the regular expression.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Executes the deny.sh script providing the IP address of the client causing a mod_qos(031) messages whenever the log message appears 10 times within at most one minute:
<BR>&nbsp;&nbsp;ErrorLog&nbsp;&quot;|/usr/bin/qsexec&nbsp;-e&nbsp;\'mod_qos\(031\).*,&nbsp;c=([0-9a-zA-Z:.]*)\'&nbsp;-t&nbsp;10:60&nbsp;\'/usr/local/bin/deny.sh&nbsp;$1\'&quot;
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

127
doc/qsfilter2.1.html Normal file
View file

@ -0,0 +1,127 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSFILTER2</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSFILTER2</H1>
Section: qsfilter2 man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsfilter2 - an utility to generate mod_qos request line rules out from existing access/audit log data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsfilter2 -i &lt;path&gt; [-c &lt;path&gt;] [-d &lt;num&gt;] [-h] [-b &lt;num&gt;] [-p|-s|-m|-o] [-l &lt;len&gt;] [-n] [-e] [-u 'uni'] [-k &lt;prefix&gt;] [-t] [-f &lt;path&gt;] [-v 0|1|2]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2><p><img src="qsfilter2_process.gif" alt="overview"></p>
mod_qos implements a request filter which validates each request line. The module supports both, negative and positive security model. The QS_Deny* directives are used to specify request line patterns which are not allowed to access the server (negative security model / deny list). These rules are used to restrict access to certain resources which should not be available to users or to protect the server from malicious patterns. The QS_Permit* rules implement a positive security model (allow list). These directives are used to define allowed request line patterns. Request which do not match any of these patterns are not allowed to access the server.
<P>
qsfilter2 is an audit log analyzer used to generate filter rules (perl compatible regular expressions) which may be used by mod_qos to deny access for suspect requests (QS_PermitUri rules). It parses existing audit log files in order to generate request patterns covering all allowed requests.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;path&gt; <DD>
Input file containing request URIs. The URIs for this file have to be extracted from the servers access logs. Each line of the input file contains a request URI consisting of a path and and query.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Example:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/index.do
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/edit?image=1.jpg
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/image/1.jpg
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/view?page=1
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/aaa/edit?document=1
<P>
These access log data must include current request URIs but also request lines from previous rule generation steps. It must also include request lines which cover manually generated rules. You may use the 'qos-path' and 'qos-query' variables to create an audit log containing all request data (path and query/body data). Example: 'CustomLog audit_log %{qos-path}n%{qos-query}n'. See also <A HREF="http://mod-qos.sourceforge.net#qsfiltersample">http://mod-qos.sourceforge.net#qsfiltersample</A> about the module settings.
<DT>-c &lt;path&gt; <DD>
mod_qos configuration file defining QS_DenyRequestLine and QS_PermitUri directives. qsfilter2 generates rules from access log data automatically. Manually generated rules (QS_PermitUri) may be provided from this file. Note: each manual rule must be represented by a request URI in the input data (-i) in order to make sure not to be deleted by the rule optimisation algorithm. QS_Deny* rules from this file are used to filter request lines which should not be used for allow list rule generation.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Example:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;manually&nbsp;defined&nbsp;allow&nbsp;list&nbsp;rule:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;QS_PermitUri&nbsp;+view&nbsp;deny&nbsp;&quot;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$&quot;
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;filter&nbsp;unwanted&nbsp;request&nbsp;line&nbsp;patterns:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;QS_DenyRequestLine&nbsp;+printable&nbsp;deny&nbsp;&quot;.*[\x00-\x19].*&quot;
<P>
<P>
<DT>-d &lt;num&gt; <DD>
Depth (sub locations) of the path string which is defined as a literal string. Default is 1.
<DT>-h <DD>
Always use a string representing the handler name in the path even the url does not have a query. See also -d option.
<DT>-b &lt;num&gt; <DD>
Replaces url pattern by the regular expression when detecting a base64/hex encoded string. Detecting sensibility is defined by a numeric value. You should use values higher than 5 (default) or 0 to disable this function.
<DT>-p <DD>
Represents query by pcre only (no literal strings).
<DT>-s <DD>
Uses one single pcre for the whole query string.
<DT>-m <DD>
Uses one pcre for multiple query values (recommended mode).
<DT>-o <DD>
Does not care the order of query parameters.
<DT>-l &lt;len&gt; <DD>
Outsizes the query length by the defined length ({0,size+len}), default is 10.
<DT>-n <DD>
Disables redundant rules elimination.
<DT>-e <DD>
Exit on error.
<DT>-u 'uni' <DD>
Enables additional decoding methods. Use the same settings as you have used for the QS_Decoding directive.
<DT>-k &lt;prefix&gt; <DD>
Prefix used to generate rule identifiers (QSF by default).
<DT>-t <DD>
Calculates the maximal latency per request (worst case) using the generated rules.
<DT>-f &lt;path&gt; <DD>
Filters the input by the provided path (prefix) only processing matching lines.
<DT>-v &lt;level&gt; <DD>
Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1. Don't use rules you haven't checked the request data used to generate it! Level 1 is highly recommended (as long as you don't have created the log data using your own web crawler).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>OUTPUT</H2>
The output of qsfilter2 is written to stdout. The output contains the generated QS_PermitUri directives but also information about the source which has been used to generate these rules. It is very important to check the validity of each request line which has been used to calculate the QS_PermitUri rules. Each request line which has been used to generate a new rule is shown in the output prefixed by &quot;ADD line &lt;line number&gt;:&quot;. These request lines should be stored and reused at any later rule generation (add them to the URI input file). The subsequent line shows the generated rule. At the end of data processing a list of all generated QS_PermitUri rules is shown. These directives may be used withn the configuration file used by mod_qos.
<A NAME="lbAG">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;qsfilter2&nbsp;-i&nbsp;loc.txt&nbsp;-c&nbsp;httpd.conf&nbsp;-m&nbsp;-e
<BR>&nbsp;&nbsp;...
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;1:&nbsp;/aaa/index.do
<BR>&nbsp;&nbsp;#&nbsp;003&nbsp;^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;3:&nbsp;/aaa/view?page=1
<BR>&nbsp;&nbsp;#&nbsp;---&nbsp;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;4:&nbsp;/aaa/edit?document=1
<BR>&nbsp;&nbsp;#&nbsp;004&nbsp;^[/a-zA-Z]+/edit\?((document)(=[0-9]*)*[&amp;]?)*$
<BR>&nbsp;&nbsp;#&nbsp;ADD&nbsp;line&nbsp;5:&nbsp;/aaa/edit?image=1.jpg
<BR>&nbsp;&nbsp;#&nbsp;005&nbsp;^[/a-zA-Z]+/edit\?((image)(=[0-9\.a-zA-Z]*)*[&amp;]?)*$
<BR>&nbsp;&nbsp;...
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF001&nbsp;deny&nbsp;&quot;^[/a-zA-Z]+/edit\?((document|image)(=[0-9\.a-zA-Z]*)*[&amp;]?)*$&quot;
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF002&nbsp;deny&nbsp;&quot;^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$&quot;
<BR>&nbsp;&nbsp;QS_PermitUri&nbsp;+QSF003&nbsp;deny&nbsp;&quot;^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$&quot;
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">OUTPUT</A><DD>
<DT><A HREF="#lbAG">EXAMPLE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

BIN
doc/qsfilter2_process.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 15 KiB

77
doc/qsgeo.1.html Normal file
View file

@ -0,0 +1,77 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSGEO</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSGEO</H1>
Section: qsgeo man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsgeo - an utility to lookup a client's country code.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsgeo -d &lt;path&gt; [-l] [-s] [-ip &lt;ip&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
Use this utility to resolve the country codes of IP addresses within existing log files. The utility reads the log file data from stdin and writes them, with the injected country code, to stdout.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<P>
<DL COMPACT>
<DT>-d &lt;path&gt; <DD>
Specifies the path to the geographical database files (CSV file containing IP address ranges and country codes).
<DT>-s <DD>
Writes a summary of the requests per country only.
<DT>-l <DD>
Writes the database to stdout (ignoring stdin) inserting local (127.*) and private (10.*, 172.16*, 192.168.*) network addresses.
<DT>-ip &lt;ip&gt; <DD>
Resolves a single IP address instead of processing a log file.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Reading the file access.log and adding the country code to the IP address field:
<P>
<BR>&nbsp;&nbsp;cat&nbsp;access.log&nbsp;|&nbsp;qsgeo&nbsp;-d&nbsp;GeoIPCountryWhois.csv
<P>
Reading the file access.log and showing a summary only:
<P>
<BR>&nbsp;&nbsp;cat&nbsp;access.log&nbsp;|&nbsp;qsgeo&nbsp;-d&nbsp;GeoIPCountryWhois.csv&nbsp;-s
<P>
Resolving a single IP address:
<P>
<BR>&nbsp;&nbsp;qsgeo&nbsp;-d&nbsp;GeoIPCountryWhois.csv&nbsp;-ip&nbsp;192.84.12.23
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

67
doc/qsgrep.1.html Normal file
View file

@ -0,0 +1,67 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSGREP</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSGREP</H1>
Section: qsgrep man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsgrep - prints matching patterns within a file.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsgrep -e &lt;pattern&gt; -o &lt;sub string&gt; [&lt;path&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsgrep is a simple tool to search patterns within files. It uses regular expressions to find patterns and prints the submatches within a pre-defined format string.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-e &lt;pattern&gt; <DD>
Specifies the search pattern.
<DT>-o &lt;string&gt; <DD>
Defines the output string where $0-$9 are substituted by the submatches of the regular expression.
<DT>&lt;path&gt; <DD>
Defines the input file to process. qsgrep reads from from standard input if this parameter is omitted.
<P>
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Shows the IP addresses of clients causing mod_qos(031) messages):
<P>
<BR>&nbsp;&nbsp;qsgrep&nbsp;-e&nbsp;'mod_qos\(031\).*,&nbsp;c=([a-zA-Z0-9:.]*)'&nbsp;-o&nbsp;'ip=$1'&nbsp;error_log
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

54
doc/qshead.1.html Normal file
View file

@ -0,0 +1,54 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSHEAD</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSHEAD</H1>
Section: qshead man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qshead - an utility reading from stdin and printing all lines to stdout until reaching the defined pattern.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qshead -p &lt;pattern&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qshead reads lines from stdin and prints them to stdout until a line contains the specified pattern (literal string).
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-p &lt;pattern&gt; <DD>
Search pattern (literal string).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1) <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

146
doc/qslog.1.html Normal file
View file

@ -0,0 +1,146 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSLOG</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSLOG</H1>
Section: qslog man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qslog - collects request statistics from access log data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qslog -f &lt;format_string&gt; -o &lt;out_file&gt; [-p[c|u[c]] [-v]] [-x [&lt;num&gt;]] [-u &lt;name&gt;] [-m] [-c &lt;path&gt;]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qslog is a real time access log analyzer. It collects the data from stdin. The output is written to the specified file every minute and includes the following entries:
<BR>&nbsp;&nbsp;-&nbsp;requests&nbsp;per&nbsp;second&nbsp;(r/s)
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;requests&nbsp;within&nbsp;measured&nbsp;time&nbsp;(req)
<BR>&nbsp;&nbsp;-&nbsp;bytes&nbsp;sent&nbsp;to&nbsp;the&nbsp;client&nbsp;per&nbsp;second&nbsp;(b/s)
<BR>&nbsp;&nbsp;-&nbsp;bytes&nbsp;received&nbsp;from&nbsp;the&nbsp;client&nbsp;per&nbsp;second&nbsp;(ib/s)
<BR>&nbsp;&nbsp;-&nbsp;response&nbsp;status&nbsp;codes&nbsp;within&nbsp;the&nbsp;last&nbsp;minute&nbsp;(1xx,2xx,3xx,4xx,5xx)
<BR>&nbsp;&nbsp;-&nbsp;average&nbsp;response&nbsp;duration&nbsp;(av)
<BR>&nbsp;&nbsp;-&nbsp;average&nbsp;response&nbsp;duration&nbsp;in&nbsp;milliseconds&nbsp;(avms)
<BR>&nbsp;&nbsp;-&nbsp;distribution&nbsp;of&nbsp;response&nbsp;durations&nbsp;in&nbsp;seconds&nbsp;within&nbsp;the&nbsp;last&nbsp;minute
(&lt;1s,1s,2s,3s,4s,5s,&gt;5s)
<BR>&nbsp;&nbsp;-&nbsp;distribution&nbsp;of&nbsp;response&nbsp;durations&nbsp;faster&nbsp;than&nbsp;a&nbsp;second&nbsp;within&nbsp;the&nbsp;last&nbsp;minute
(0-49ms,50-99ms,100-499ms,500-999ms)
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;established&nbsp;(new)&nbsp;connections&nbsp;within&nbsp;the&nbsp;measured&nbsp;time&nbsp;(esco)
<BR>&nbsp;&nbsp;-&nbsp;average&nbsp;system&nbsp;load&nbsp;(sl)
<BR>&nbsp;&nbsp;-&nbsp;free&nbsp;memory&nbsp;(m)&nbsp;(not&nbsp;available&nbsp;for&nbsp;all&nbsp;platforms)
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;client&nbsp;ip&nbsp;addresses&nbsp;seen&nbsp;withn&nbsp;the&nbsp;last&nbsp;600&nbsp;seconds&nbsp;(ip)
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;different&nbsp;users&nbsp;seen&nbsp;withn&nbsp;the&nbsp;last&nbsp;600&nbsp;seconds&nbsp;(usr)
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;events&nbsp;identified&nbsp;by&nbsp;the&nbsp;'E'&nbsp;format&nbsp;character
<BR>&nbsp;&nbsp;-&nbsp;number&nbsp;of&nbsp;mod_qos&nbsp;events&nbsp;within&nbsp;the&nbsp;last&nbsp;minute&nbsp;(qV=create&nbsp;session,
qv=VIP IP,qS=session pass, qD=access denied, qK=connection closed, qT=dynamic keep-alive, qL=request/response slow down, qs=serialized request, qA=connection abort, qU=new user tracking cookie)
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-f &lt;format_string&gt; <DD>
Defines the log data format and the positions of data elements processed by this utility. See to the 'LogFormat' directive of the httpd.conf file to see the format definitions of the servers access log data.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;qslog&nbsp;knows&nbsp;the&nbsp;following&nbsp;elements:
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;I&nbsp;defines&nbsp;the&nbsp;client&nbsp;ip&nbsp;address&nbsp;(%h)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;R&nbsp;defines&nbsp;the&nbsp;request&nbsp;line&nbsp;(%r)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;S&nbsp;defines&nbsp;HTTP&nbsp;response&nbsp;status&nbsp;code&nbsp;(%s)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;B&nbsp;defines&nbsp;the&nbsp;transferred&nbsp;bytes&nbsp;(%b&nbsp;or&nbsp;%O)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;i&nbsp;defines&nbsp;the&nbsp;received&nbsp;bytes&nbsp;(%I)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;D&nbsp;defines&nbsp;the&nbsp;request&nbsp;duration&nbsp;in&nbsp;microseconds&nbsp;(%D)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;t&nbsp;defines&nbsp;the&nbsp;request&nbsp;duration&nbsp;in&nbsp;milliseconds&nbsp;(may&nbsp;be&nbsp;used&nbsp;instead&nbsp;of&nbsp;D)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;T&nbsp;defines&nbsp;the&nbsp;request&nbsp;duration&nbsp;in&nbsp;seconds&nbsp;(may&nbsp;be&nbsp;used&nbsp;instead&nbsp;of&nbsp;D&nbsp;or&nbsp;t)&nbsp;(%T)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;k&nbsp;defines&nbsp;the&nbsp;number&nbsp;of&nbsp;keepalive&nbsp;requests&nbsp;on&nbsp;the&nbsp;connection&nbsp;(%k)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;U&nbsp;defines&nbsp;the&nbsp;user&nbsp;tracking&nbsp;id&nbsp;(%{mod_qos_user_id}e)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Q&nbsp;defines&nbsp;the&nbsp;mod_qos_ev&nbsp;event&nbsp;message&nbsp;(%{mod_qos_ev}e)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;C&nbsp;defines&nbsp;the&nbsp;element&nbsp;for&nbsp;the&nbsp;detailed&nbsp;log&nbsp;(-c&nbsp;option),&nbsp;e.g.&nbsp;&quot;%U&quot;
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;s&nbsp;arbitrary&nbsp;counter&nbsp;to&nbsp;add&nbsp;up&nbsp;(sum&nbsp;within&nbsp;a&nbsp;minute)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;a&nbsp;arbitrary&nbsp;counter&nbsp;to&nbsp;build&nbsp;an&nbsp;average&nbsp;from&nbsp;(average&nbsp;per&nbsp;request)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A&nbsp;arbitrary&nbsp;counter&nbsp;to&nbsp;build&nbsp;an&nbsp;average&nbsp;from&nbsp;(average&nbsp;per&nbsp;request)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;M&nbsp;arbitrary&nbsp;counter&nbsp;to&nbsp;measure&nbsp;the&nbsp;maximum&nbsp;value&nbsp;reached&nbsp;(peak)
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;E&nbsp;comma&nbsp;separated&nbsp;list&nbsp;of&nbsp;event&nbsp;strings
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;c&nbsp;content&nbsp;type&nbsp;(%{content-type}o),&nbsp;available&nbsp;in&nbsp;-pc&nbsp;mode&nbsp;only
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;m&nbsp;request&nbsp;method&nbsp;(GET/POST)&nbsp;(%m),&nbsp;available&nbsp;in&nbsp;-pc&nbsp;mode&nbsp;only
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.&nbsp;defines&nbsp;an&nbsp;element&nbsp;to&nbsp;ignore&nbsp;(unknown&nbsp;string)
<P>
<DT>-o &lt;out_file&gt; <DD>
Specifies the file to store the output to. stdout is used if this option is not defined.
<DT>-p <DD>
Used for post processing when reading the log data from a file (cat/pipe). qslog is started using it's offline mode (extracting the time stamps from the log lines) in order to process existing log files. The option &quot;-pc&quot; may be used alternatively if you want to gather request information per client (identified by IP address (I) or user tracking id (U) showing how many request each client has performed within the captured period of time). &quot;-pc&quot; supports the format characters IURSBTtDkMEcm. The option &quot;-pu&quot; collects statistics on a per URL level (supports format characters RSTtD). &quot;-puc&quot; is very similar to &quot;-pu&quot; but cuts the end (handler) of each URL.
<DT>-v <DD>
Verbose mode.
<DT>-x [&lt;num&gt;] <DD>
Rotates the output file once a day (move). You may specify the number of rotated files to keep. Default are 14.
<DT>-u &lt;name&gt; <DD>
Becomes another user, e.g. www-data.
<DT>-m <DD>
Calculates free system memory every minute.
<DT>-c &lt;path&gt; <DD>
Enables the collection of log statistics for different request types. 'path' specifies the necessary rule file. Each rule consists of a rule identifier and a regular expression to identify a request seprarated by a colon, e.g., 01:^(/a)|(/c). The regular expressions are matched against the log data element which has been identified by the 'C' format character.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>VARIABLES</H2>
The following environment variables are known to qslog:
<DL COMPACT>
<DT>QSEVENTPATH=&lt;path&gt; <DD>
Defines a file containing a comma or new line separated list of known event strings expected within the log filed identified by the 'E' format character.
<DT>QSCOUNTERPATH=&lt;path&gt; <DD>
Defines a file containing a by new line separated list of rules which reflect possible QS_ClientEventLimitCount directive settings (for simulation purpose / -pc option). The 'E' format character defines the event string in the log to match (literal string) the 'event1' and 'event2' event names against.
<P>
Rule syntax: &lt;name&gt;:&lt;event1&gt;-&lt;n&gt;*&lt;event2&gt;/&lt;duration&gt;=&lt;limit&gt;
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name'&nbsp;defines&nbsp;the&nbsp;name&nbsp;you&nbsp;have&nbsp;given&nbsp;to&nbsp;the&nbsp;rule&nbsp;entry&nbsp;and&nbsp;is&nbsp;logged&nbsp;along&nbsp;with
with the number of times the 'limit' has been reached within the 'duration'.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'event1'&nbsp;defines&nbsp;the&nbsp;variable&nbsp;name&nbsp;(if&nbsp;found&nbsp;in&nbsp;'E')&nbsp;to&nbsp;increment&nbsp;the&nbsp;counter.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'event2'&nbsp;defines&nbsp;the&nbsp;variable&nbsp;name&nbsp;(if&nbsp;found&nbsp;in&nbsp;'E')&nbsp;to&nbsp;decrement&nbsp;the&nbsp;counter&nbsp;(and
the parameter 'n' defines by how much).
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'duration'&nbsp;defines&nbsp;the&nbsp;measure&nbsp;interval&nbsp;(in&nbsp;seconds)&nbsp;used&nbsp;for&nbsp;the
QS_ClientEventLimitCount directive.
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'limit'&nbsp;defines&nbsp;the&nbsp;threshold&nbsp;(number)&nbsp;defined&nbsp;for&nbsp;the&nbsp;QS_ClientEventLimitCount
directive.
<P>
Note: If the 'name' parameter is prefixed by 'STATUS', the rule is applied against the HTTP status code 'S' and the 'event1' string shall contain a list of relevant status codes separated by an underscore (while 'event2' is ignored).
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>EXAMPLE</H2>
Configuration using pipped logging:
<P>
<BR>&nbsp;&nbsp;CustomLog&nbsp;&quot;|/usr/bin/qslog&nbsp;-f&nbsp;ISBDQ&nbsp;-x&nbsp;-o&nbsp;/var/log/apache/stat.csv&quot;&nbsp;&quot;%h&nbsp;%&gt;s&nbsp;%b&nbsp;%D&nbsp;%{mod_qos_ev}e&quot;
<P>
Post processing:
<P>
<BR>&nbsp;&nbsp;LogFormat&nbsp;&quot;%t&nbsp;%h&nbsp;\&quot;%r\&quot;&nbsp;%&gt;s&nbsp;%b&nbsp;\&quot;%{User-Agent}i\&quot;&nbsp;%T&quot;
<BR>&nbsp;&nbsp;cat&nbsp;access.log&nbsp;|&nbsp;qslog&nbsp;-f&nbsp;..IRSB.T&nbsp;-o&nbsp;stat.csv&nbsp;-p
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">VARIABLES</A><DD>
<DT><A HREF="#lbAG">EXAMPLE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

75
doc/qslogger.1.html Normal file
View file

@ -0,0 +1,75 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSLOGGER</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSLOGGER</H1>
Section: qslogger man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qslogger - another shell command interface to the system log module (syslog).
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qslogger [-t &lt;tag&gt;] [-f &lt;facility&gt;] [-l &lt;level&gt;] [-x &lt;prefix&gt;] [-r &lt;expression&gt;] [-d &lt;level&gt;] [-u &lt;name&gt;] [-p]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
Use this utility to forward log messages to the systems syslog facility, e.g., to forward the messages to a remote host. It reads data from stdin.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<P>
<DL COMPACT>
<DT>-t &lt;tag&gt; <DD>
Defines the tag name which shall be used to define the origin of the messages, e.g. 'httpd'.
<DT>-f &lt;facility&gt; <DD>
Defines the syslog facility. Default is 'daemon'.
<DT>-u &lt;name&gt; <DD>
Becomes another user, e.g. www-data.
<DT>-l &lt;level&gt; <DD>
Defines the minimal severity a message must have in order to be forwarded. Default is 'DEBUG' (forwarding everything).
<DT>-x &lt;prefix&gt; <DD>
Allows you to add a prefix (literal string) to every message.
<DT>-r &lt;expression&gt; <DD>
Specifies a regular expression which shall be used to determine the severity (syslog level) for each log line. The default pattern '^\[[0-9a-zA-Z :]+\] \[([a-z]+)\] ' can be used for Apache error log messages but you may configure your own pattern matching other log formats. Use brackets to define the pattern enclosing the severity string. Default level (if severity can't be determined) is defined by the option '-d' (see below).
<DT>-d &lt;level&gt; <DD>
The default severity if the specified pattern (-r) does not match and the message's severity can't be determined. Default is 'NOTICE'.
<DT>-p <DD>
Writes data also to stdout (for piped logging).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;ErrorLog&nbsp;&quot;|/usr/bin/qslogger&nbsp;-t&nbsp;apache&nbsp;-f&nbsp;local7&quot;
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

58
doc/qspng.1.html Normal file
View file

@ -0,0 +1,58 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSPNG</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSPNG</H1>
Section: qspng man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qspng - an utility to draw a png graph from <A HREF="qslog.1.html">qslog</A>(1) output data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qspng -i &lt;stat_log_file&gt; -p &lt;parameter&gt; -o &lt;out_file&gt; [-10]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qspng is a tool to generate png (portable network graphics) raster images files from semicolon separated data generated by the qslog utility. It reads up to the first 1440 entries (24 hours) and prints a graph using the values defined by the 'parameter' name.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;stats_log_file&gt; <DD>
Input file to read data from.
<DT>-p &lt;parameter&gt; <DD>
Parameter name, e.g. r/s or usr.
<DT>-o &lt;out_file&gt; <DD>
Output file name, e.g. stat.png.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

56
doc/qsre.1.html Normal file
View file

@ -0,0 +1,56 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSRE</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSRE</H1>
Section: qsre man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsre matches a regular expression against test strings.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsre &lt;string&gt;|&lt;path&gt; &lt;pcre&gt;|&lt;path&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
Regular expression test tool. The provided regular expression (pcre, caseless matching, &quot;.&quot; matches anything incl. newline) is appplied against the provided test strings to verify if the pattern matches.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>&lt;string&gt;|&lt;path&gt; <DD>
The first argument either defines a single test string of a path to a file containing either multiple test strings or a test pattern with newline characters (text).
<DT>&lt;pcre&gt;|&lt;path&gt; <DD>
The second argument either defines a regular expression or a path to a file containing the expression.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

54
doc/qsrespeed.1.html Normal file
View file

@ -0,0 +1,54 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSRESPEED</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSRESPEED</H1>
Section: qsrespeed man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
Tool to compare / estimate the processing time for (Perl-compatible) regular expressions (PCRE).
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsrespeed &lt;path&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsrespeed loads regular expressions from the provided file and matches them against a built-in set of strings measuring the time needed to process them. It's a benchmark too to judge the expressions you have defined regarding the potential CPU consumption.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>&lt;path&gt; <DD>
Defines the input file to process. The file consists a list of (separated by a newline character) regular expressions to test
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

86
doc/qsrotate.1.html Normal file
View file

@ -0,0 +1,86 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSROTATE</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSROTATE</H1>
Section: qsrotate man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qsrotate - a log rotation tool (similar to Apache's rotatelogs).
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qsrotate -o &lt;file&gt; [-s &lt;sec&gt; [-t &lt;hours&gt;]] [-b &lt;bytes&gt;] [-f] [-z] [-g &lt;num&gt;] [-u &lt;name&gt;] [-m &lt;mask&gt;] [-p] [-d]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qsrotate reads from stdin (piped log) and writes the data to the provided file rotating the file after the specified time.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-o &lt;file&gt; <DD>
Output log file to write the data to (use an absolute path).
<DT>-s &lt;sec&gt; <DD>
Rotation interval in seconds, default are 86400 seconds.
<DT>-t &lt;hours&gt; <DD>
Offset to UTC (enables also DST support), default is 0.
<DT>-b &lt;bytes&gt; <DD>
File size limitation (default/max. are 2147352576 bytes, min. are 1048576 bytes).
<DT>-f <DD>
Forced log rotation at the specified interval even no data is written.
<DT>-z <DD>
Compress (gzip) the rotated file.
<DT>-g &lt;num&gt; <DD>
Generations (number of files to keep).
<DT>-u &lt;name&gt; <DD>
Become another user, e.g. www-data. -m &lt;mask&gt;
File permission which is either 600, 640, 660 (default) or 664.
<DT>-p <DD>
Writes data also to stdout (for piped logging). -d
Line-by-line data reading prefixing every line with a timestamp.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
<BR>&nbsp;&nbsp;TransferLog&nbsp;&quot;|/usr/bin/qsrotate&nbsp;-f&nbsp;-z&nbsp;-g&nbsp;3&nbsp;-o&nbsp;/var/log/apache/access.log&nbsp;-s&nbsp;86400&quot;
<P>
The name of the rotated file will be /dest/filee.YYYYmmddHHMMSS where YYYYmmddHHMMSS is the system time at which the data has been rotated.
<A NAME="lbAG">&nbsp;</A>
<H2>NOTE</H2>
<BR>&nbsp;-&nbsp;Each&nbsp;qsrotate&nbsp;instance&nbsp;must&nbsp;use&nbsp;an&nbsp;individual&nbsp;file.
<BR>&nbsp;-&nbsp;You&nbsp;may&nbsp;trigger&nbsp;a&nbsp;file&nbsp;rotation&nbsp;manually&nbsp;by&nbsp;sending&nbsp;the&nbsp;signal&nbsp;USR1
to the process.
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qssign.1.html">qssign</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">NOTE</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

79
doc/qssign.1.html Normal file
View file

@ -0,0 +1,79 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSSIGN</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSSIGN</H1>
Section: qssign man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qssign - an utility to sign and verify the integrity of log data.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qssign -s|S &lt;secret&gt; [-e] [-v] [-u &lt;name&gt;] [-f &lt;regex&gt;] [-a 'sha1'|'sha256']
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qssign is a log data integrity check tool. It reads log data from stdin (pipe) and writes the data to stdout adding a sequence number and signature to ever log line.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-s &lt;secret&gt; <DD>
Passphrase used to calculate signature.
<DT>-S &lt;program&gt; <DD>
Specifies a program which writes the passphrase to stdout.
<DT>-e <DD>
Writes start/end marker when starting/stopping data signing.
<DT>-v <DD>
Verification mode checking the integrity of signed data.
<DT>-u &lt;name&gt; <DD>
Becomes another user, e.g. www-data.
<DT>-f &lt;regex&gt; <DD>
Filter pattern (case sensitive regular expression) for messages which do not need to be signed.
<DT>-a 'sha1'|'sha256' <DD>
Specifies the algorithm to use. Default is sha1.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
Sign:
<P>
<BR>&nbsp;TransferLog&nbsp;&quot;|/usr/bin/qssign&nbsp;-s&nbsp;password&nbsp;-e&nbsp;|/usr/bin/qsrotate&nbsp;-o&nbsp;/var/log/apache/access.log&quot;
<P>
<P>
Verify:
<P>
<BR>&nbsp;cat&nbsp;access.log&nbsp;|&nbsp;qssign&nbsp;-s&nbsp;password&nbsp;-v
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qstail.1.html">qstail</A>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">EXAMPLE</A><DD>
<DT><A HREF="#lbAG">SEE ALSO</A><DD>
<DT><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>

56
doc/qstail.1.html Normal file
View file

@ -0,0 +1,56 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of QSTAIL</TITLE>
<META name='KeyWords' content='Quality of Service, QoS, Apache Web Server, Web application security, WAF, Open Source Software, Security, Proxy'/>
<META name='author' content='Pascal Buchbinder' />
</HEAD><BODY>
<H1>QSTAIL</H1>
Section: qstail man page (1)<BR>Updated: May 2023<BR><A HREF="#index">Index</A>
<A HREF="index.html#utilities">Return to Main Contents</A><HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
qstail - an utility printing the end of a log file starting at the specified pattern.
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
qstail -i &lt;path&gt; -p &lt;pattern&gt;
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
qstail shows the end of a log file beginning with the line containing the specified pattern. This may be used to show all lines which has been written after a certain event (e.g., server restart) or time stamp.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT>-i &lt;path&gt; <DD>
Input file to read the data from.
<DT>-p &lt;pattern&gt; <DD>
Search pattern (literal string).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="qsdt.1.html">qsdt</A>(1), <A HREF="qsexec.1.html">qsexec</A>(1), <A HREF="qsfilter2.1.html">qsfilter2</A>(1), <A HREF="qsgeo.1.html">qsgeo</A>(1), <A HREF="qsgrep.1.html">qsgrep</A>(1), <A HREF="qshead.1.html">qshead</A>(1), <A HREF="qslog.1.html">qslog</A>(1), <A HREF="qslogger.1.html">qslogger</A>(1), <A HREF="qspng.1.html">qspng</A>(1), <A HREF="qsre.1.html">qsre</A>(1), <A HREF="qsrespeed.1.html">qsrespeed</A>(1), <A HREF="qsrotate.1.html">qsrotate</A>(1), <A HREF="qssign.1.html">qssign</A>(1)
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHOR</H2>
Pascal Buchbinder, <A HREF="http://mod-qos.sourceforge.net/">http://mod-qos.sourceforge.net/</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">AUTHOR</A><DD>
</DL>
<HR>
</BODY>
</HTML>