I have some content that is only available to people who pass a GeoIP lookup and match certain countries. This is done by mod_rewrite and it all works well.
What I would like to do is log failed attempts, to help debug people who should be able to get at this content but cannot. In order to do this at present I need RewriteLogLevel at 4, which means everything on the virtual host is logged, rather than just the stuff I am restricting.
This is the example from the mod_geoip readme:
GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule \.(gif|jpg|png|css)$ - [L] # don't redirect images and stylesheets
RewriteRule ^(.*)$ http://www.canada.com [L] # redirect everything else
I would like to add something like
WriteThisToLog "Denied access to $1 from IP $2 due to calculated country $3"
The variables are all there - is there a directive I can use to write out to the Apache error log?
Edit: I would have put this in the comment to the correct answer, but formatting was important. I've ended up with this:
RewriteRule ^(.*)$ http://www.canada.com [L,E=GEOIP_FAIL:1] # redirect everything else
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" GEOIP_COUNTRY_CODE=%{GEOIP_COUNTRY_CODE}e" geoip_fail_format
CustomLog /var/log/httpd/geoip_fail_log geoip_fail_format env=GEOIP_FAIL
There is a module called mod_log_config which has directives called CustomLog and LogFormat. Basically we define a output format using LogFormat and redirect it to the file mentioned in CustomLog.