I am planning on disabling TLSv1 on an Apache 2.4 server running on Ubuntu 14.04. Before doing this I thought it would be good to analyse how many users this would impact. I've read through the Apache log documentation, which should allow me to log environment variables.
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html
I have a RewriteRule I set up to redirect users with TLSv1, which works fine. The rule looks like this:
RewriteCond %{SSL:SSL_PROTOCOL} ^TLSv1$
RewriteRule ^/test* /bad-ssl.html [L]
Which works perfectly. However, I cannot get the log module to write SSL environment variables.
CustomLog ${APACHE_LOG_DIR}/ssl.log "%a \"%{SSL_PROTOCOL}e\" \"%{SSL:SSL_PROTOCOL}e\" \"%{evn:SSL_PROTOCOL}e\""
What am I missing?
Best Answer
The variable SSL_PROTOCOL (and all other mod_ssl variables) is technically not an environment variable, therefore
won't work.
According to http://httpd.apache.org/docs/2.4/mod/mod_ssl.html (Section Custom Log Formats) you have to use the syntax:
for SSL variables. To modify your config, it should read:
I assume SSL:SSL_PROTOCOL and evn:SSL_PROTOCOL were just attempts to achieve the same.
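An added example, not part of the original question or answer: once the protocol is logged with mod_ssl's `%{SSL_PROTOCOL}x` format (see the Custom Log Formats section linked above), this script counts which clients would be cut off by disabling TLSv1. The log layout, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumed Apache directive producing the log (mod_ssl's %{VAR}x format):
#   CustomLog ${APACHE_LOG_DIR}/ssl.log "%a \"%{SSL_PROTOCOL}x\""
LINE_RE = re.compile(r'^(?P<client>\S+) "(?P<proto>[^"]*)"$')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 "TLSv1.2"
192.0.2.10 "TLSv1.2"
198.51.100.7 "TLSv1"
198.51.100.7 "TLSv1"
203.0.113.5 "TLSv1.1"
2001:db8::1 "TLSv1"
192.0.2.44 "-"
garbage line without quotes
"""

def clients_by_protocol(lines):
    """Map each logged protocol to the set of distinct client addresses."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of miscounting them
        seen[m.group("proto")].add(m.group("client"))
    return dict(seen)

def impact_of_disabling(lines, protocol="TLSv1"):
    """Return (clients seen only on `protocol`, all TLS clients)."""
    by_proto = clients_by_protocol(lines)
    by_proto.pop("-", None)  # "-" is logged when the value is empty (no TLS)
    # Exact key match, so "TLSv1" does not also pick up "TLSv1.1"/"TLSv1.2".
    affected = set(by_proto.get(protocol, set()))
    for proto, clients in by_proto.items():
        if proto != protocol:
            affected -= clients  # this client also negotiated another protocol
    everyone = set().union(*by_proto.values())
    return affected, everyone

if __name__ == "__main__":
    affected, everyone = impact_of_disabling(SAMPLE_LOG.splitlines())
    print(f"{len(affected)} of {len(everyone)} clients only used TLSv1")
    for ip in sorted(affected):
        print(" ", ip)
```

Counting by address undercounts users behind a shared NAT or proxy, so treat the result as a lower bound on affected users.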