|
We do not allow unfettered access to Informatics web server logs. If you wish record who has been visiting your web pages, then two example solutions are listed below. There are also free and commercial web stat counters which you could link to, if you are willing to have some advertising on your web page/pay for it.
Note that to be compliant with the Regulation of Investigatory Powers Act you should have the Head of School's permission. It would also be as well to avoid logging anything which could be construed as personal data, as otherwise the provisions of the Data Protection Act would also apply.
Most of the Informatics web services support PHP. The inclusion of PHP code similar to the following, is one possible solution:
<?php
# Standard Apache logs the following: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
# Here's our version of it.
$h = getenv('REMOTE_ADDR');
$l = "-"; # should really be user from ident
$u = getenv('REMOTE_USER')?getenv('REMOTE_USER'):"-";
$t = date("m/M/Y:H:i:s O");
$r = getenv('REQUEST_METHOD')." ".getenv('REQUEST_URI');
$s = "-"; # We can't tell what the status was
$b = 0; # or the size of the page
$referer = getenv('HTTP_REFERER');
$useragent = getenv('HTTP_USER_AGENT');
$logentry = "$h $l $u [$t] \"$r\" $s $b \"$referer\" \"$useragent\"\n";
# Note the log file below needs to be writeable by user "apache"
error_log($logentry, 3, "/public/homepages/neilb/data/php.log");
?>
Note that on some servers, the PHP handler is not enabled for .html files. If you need to enable this, then the following should be added to an appropriate .htaccess file:
AddHandler php5-script .html
A common e-marketing/spamming trick is to monitor web accesses by including an image, which isn't just an image, but is actually a CGI. You can do the same to log web access to you pages, but only if the browser is configured to fetch images. The idea is to embed an <IMG> tag in your HTML which actually links to a CGI that pretends to be an image. When the CGI executes to generate the image, it can also be logging the information that you require.
Here is a simple (not very secure) example of a CGI that generates a small dot GIF image, but also logs the web access:
#!/bin/sh
#
# Look like an image, but we also happen to log the fetch
# Disable filename globbing to limit possible exploits
set -f
# Note the log file needs to be writeable by the effective user that
# this CGI will run as, on homepages.inf this is you.
LOGFILE=/public/homepages/neilb/data/cgi.log
# The raw data for a single black dot gif.
GIF='\107\111\106\070\067\141\001\000\001\000\360\000\000\000\000\000'
GIF=$GIF'\000\000\000\054\000\000\000\000\001\000\001\000\000\002\002\104'
GIF=$GIF'\001\000\073'
SIZE=35;
# Alternatively you could just cat out an existing gif, eg
# GIFIMAGE="/public/homepages/neilb/cgi/dot.gif"
# SIZE=`wc -c $GIFIMAGE | awk '{print $1}'`
echo Content-Length: $SIZE
echo Content-type: image/gif
echo
# you could use 'cat $GIFIMAGE' instead of the echo below if you use the
# alternative way of generating the GIF image.
/bin/echo -e $GIF
# Log the info to a file.
# SECURITY NOTE. This is prone to exploitation if any of
# the variables contain a suitably constucted string, then arbitrary commands
# could be executed by this script. The variables should really be sanitised
# for shell chars to avoid this, or reimplement the script in another language
# but we don't have the space here.
echo "$REMOTE_ADDR - ${REMOTE_USER:--} [`date \"+%d/%b/%Y:%H:%M:%S %z\"`] \
\"$REQUEST_METHOD $REQUEST_URI\" - 0 \"$HTTP_REFERER\" \
\"$HTTP_USER_AGENT\"" >> $LOGFILE
You would then call this by just including something like <IMG SRC="/cgi/neilb/log.gif"> in a suitably descrete part of your web page.
|
Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK
Tel: +44 131 651 5661, Fax: +44 131 651 1426, E-mail: school-office@inf.ed.ac.uk Please contact our webadmin with any comments or corrections. Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh |
