how to view hostnames in traffic entering my webserver (Apache)?
Is there any way I can view the hostnames used by incoming traffic that is accepted by my apache webserver?
For example, say the webserver is set up to process incoming traffic for an IP address, but there are several host names the webserver can accept, such as:
www.mydomain.com mydomain.com myotherdomain.com etc.
I need to see the hostnames that others are using to enter my webserver successfully.
The reason is I have some software that auto-generates some traffic going to my webserver, and I need to know the hostname it is using so that I can correctly setup Apache's httpd.conf file's virtual hosts to receive it correctly.
Can tcpdump be configured to look into the web traffic and extract this hostname? Or wireshark? In all the examples I see, including Apache's access_log file, there's only IP address, not hostnames. However, I need the hostname information for httpd.conf's VirtualHost stuff. Hope that makes sense.
You can configure a custom log format for access logging which will include this information.
Adjust your existing logging directives as needed, but you'll want something like this:
LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_with_access_host
CustomLog /var/log/wherever-you-put-it/access_log combined_with_access_host
That will write the received HTTP Host
header into the start of the line - and if it's blank, then the line will instead start with a space.