How to Enabled mod_rewrite Debug Log in cPanel

If you are using mod_rewrite & find out some problem, you may need to do some debugging with the log write somewhere. For CentOS system with cPanel together with Apache or LiteSpeed, you may enabled mod_rewrite Debug Log as below.

  • Edit Apache configuration located in “/etc/httpd/conf/httpd.conf
  • Find the corresponding VirtualHost for your domain which you want to debug.
  • Add “RewriteLogLevel 9” underneath “UseCanonicalName” as below and save.
  UseCanonicalName Off
  RewriteLogLevel 9
  • Restart Apache or LiteSpeed
  • The Debug Log will be written in “/usr/local/apache/logs/error_log” file.

How to find IP Address that Launch DDOS Attack

If your VPS or server load suddenly increases much higher than normal, it could be a DDOS attack.

To find out which IPs did that do the following,

Option 1 :- If you know which domain is attacked. SSH to your server & issue the following command. Make sure you replace “DOMAIN” with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, normally it will be the sub domain of the primary domain.

less /usr/local/apache/domlogs/DOMAIN | awk '{print $1}' | sort | uniq -c | sort -n

Option 2 :- If you don’t know which domain is attacked. SSH to your server & issue the following command. Option 1 if preferable especially if your server is very busy has many domain. It will take quite sometimes to process the log file. You can check by issuing “top -c” command to find out which domain consume the most resources.

less /usr/local/apache/logs/access_log | awk '{print $1}' | sort | uniq -c | sort -n

Both of the option will give the ip and number of connections in the descending order. For example:


In the above case we can see too many connections from those ips and it is abnormal. You can block these ips in the firewall such as ConfigServer Firewall (“csf”).

Page 1 of 41234