Find Top 10 IP Addresses Accessing Your Apache Web Server

When you run a web server that is reachable from an open or public network such as the Internet, it is good system administration practice to monitor access to it.

Find Top IP Address Accessing Apache Web Server


A useful aid in monitoring access to your web server is its access log file(s), which store information about every access that takes place on the server.

Working with log files is always very important, because they give you an account of everything that has happened within a system or application, in this case your Apache web server. When you have performance or access-related problems, log files can help you pinpoint what is wrong or what is happening.

Read more about log management in Linux: 4 Best Log Management Tools for Linux

In this article, we shall look at how to find the top 10 IP addresses that have been accessing your Apache web server.

The default paths for the Apache web server access log are:

/var/log/http/access_log      [For RedHat based systems]
/var/log/apache2/access.log   [For Debian based systems]
/var/log/http-access.log      [For FreeBSD]

To find the top 10 IP addresses accessing your Apache web server for a domain, run the following command.

# awk '{ print $1}' access.log.2016-05-08 | sort | uniq -c | sort -nr | head -n 10

In the command above:

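  1. awk – reads the access.log.2016-05-08 file and prints the first field of each line, which is the client IP address.
  2. sort – sorts the lines so that identical addresses end up next to each other; in the second sort, the -n option compares lines based on the numerical value of strings and the -r option reverses the outcome of the comparisons, so the highest counts come first.
  3. uniq – reports repeated lines, and the -c option prefixes each line with its number of occurrences.
  4. head – the -n 10 option keeps only the first 10 lines of the result.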
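
The following is an added example, not part of the original article: it extends the one-liner so that each address is reported with its request count and the number of those requests that ended in a 4xx/5xx status, which helps tell a busy legitimate client from one generating mostly errors. The function names `top_ips` and `sample_log` and the log lines are constructed for illustration; the script assumes the common/combined log format with the client address in field 1 and the status code in field 9.

```shell
#!/bin/sh
# Added example (not from the article): top-N client IPs with error counts.
# Assumes Apache common/combined log format: client address in field 1 and,
# for well-formed request lines, the status code in field 9.

# top_ips [N]: read an access log on stdin, print "hits errors ip" per client,
# busiest first (ties broken by address so the output is deterministic).
top_ips() {
    n=${1:-10}
    awk '
        # Ignore lines that do not start with an IPv4 or IPv6 address.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$|:/ { next }
        {
            hits[$1]++
            if ($9 ~ /^[45][0-9][0-9]$/) errs[$1]++   # 4xx/5xx responses
        }
        END { for (ip in hits) printf "%d %d %s\n", hits[ip], errs[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k3,3 | head -n "$n"
}

# Constructed sample log (RFC 5737 / RFC 3849 documentation addresses).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [08/May/2016:10:00:01 +0000] "GET /old-page HTTP/1.1" 404 209 "-" "curl/7.47"
192.0.2.10 - - [08/May/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2016:10:00:03 +0000] "GET /missing HTTP/1.1" 404 209 "-" "curl/7.47"
203.0.113.5 - - [08/May/2016:10:00:04 +0000] "POST /form HTTP/1.1" 500 301 "-" "Mozilla/5.0"
garbage line without a client address
192.0.2.10 - - [08/May/2016:10:00:05 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2016:10:00:06 +0000] "GET /gone HTTP/1.1" 403 199 "-" "curl/7.47"
2001:db8::1 - - [08/May/2016:10:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.47"
203.0.113.5 - - [08/May/2016:10:00:08 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [08/May/2016:10:00:09 +0000] "GET /contact HTTP/1.1" 200 768 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2016:10:00:10 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.47"
EOF
}

# Demonstration on the constructed log; on a real server use e.g.
#   top_ips 10 < /var/log/apache2/access.log
sample_log | top_ips 3
```

If the server sits behind a reverse proxy or load balancer, field 1 is the proxy's address unless the log format has been changed to record the forwarded client address.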

Read more about how to use awk command in Linux.


There are many ways to achieve this. If you know a better one, do share it in the comments, and if you have any suggestions or questions, leave a comment in the section below and we shall discuss it together. We hope you find this article helpful, and remember to always stay connected to Tecmint.


Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.


10 Responses

  1. BigJoe says:

    Great article really useful.

    Any more bits like this?

  2. Mike says:

    Thank you. And if you want to block:

    # iptables -I INPUT -s IP -j DROP


    # iptables -D INPUT -s IP -j DROP

    IP – remote addr

  3. Pratham says:

    Nice one but it’s works on HP Unix>, please share if know anything about it.

  4. LempStacker says:

    $ cat test.txt | awk '{arr[$1]+=1}END{flag=0;PROCINFO["sorted_in"]="@val_num_desc";for (i in arr) if(flag<10) {print arr[i],i;flag++}}'

  5. Emric A Norman says:

    I love this Aaron, thanks for the information
