Here are the words right from the horse’s mouth:

https://httpd.apache.org/docs/current/logs.html#accesslog

Most of my understanding comes from countless hours actually studying and combing thru access and error logs. It doesn’t sound like fun, but once you get what you’re looking at, things become a lot more interesting :)

Yeah I was afraid you’d point to the apache site. ZZZzzzzzz.

Anyway I’m with you, the log files are fun to comb through. Yesterday I got rid of my first possible energy vamp. (Over 600 hits a month looking for various feeds seems confusing to me, so I made a PHP page called temp-ban.php where these people will end up, and the option to email me and get unbanned is open to them.)

I used to get attacked a lot, but I didn’t know anything so my server guy would always fix everything up. Now that I’m getting ready to know things, no one attacks me anymore. At least not like they used to. Too bad. Maybe I should start blogging about how invincible I’m becoming. :)

It’s easy these days to be a target — I’ve learned to dial it back online, but I also keep an eye on things just in case.. I think it’s great that more people are learning how to protect their sites. I’ve seen how even a modicum of effort is enough to keep attacks at bay.

For Apache Docs, I agree it’s not blood-pumping material, but it’s the most concise and time-efficient way to communicate the information. If only I had the time to write more on the subject, it’s a big part of what I do online.

Keep an eye on things — even thinking “no one attacks me anymore” or “how invincible I’m becoming” seems to be enough to make it happen :)