---
title: "Review recent website requests"
description: "In this article I'm going to teach you how you can use the server status feature of WHM (Web Host Manager) from the command line on your VPS (Virtual Private Server) or dedicated server in order to..."
url: https://www.inmotionhosting.com/support/website/review-recent-website-requests/
date: 2013-01-22
modified: 2021-08-16
author: "InMotion Hosting Contributor"
categories: ["Website"]
type: post
lang: en
---

# Review recent website requests

In this article I’m going to teach you how you can use the server status feature of WHM (Web Host Manager) from the command line on your VPS (Virtual Private Server) or dedicated server in order to review recent website requests that Apache is handling.

If you’ve happened to have read my previous articles on either [advanced server load monitoring](/support/server/server-usage/advanced-server-load-monitoring/), or how to [setup a server load monitoring script](/support/server/server-usage/create-server-load-monitoring-bash-script/) to alert you via email when your server’s load is high. Then you might be curious about the current website requests that are happening on your server, as more than likely those requests could be leading to your server’s load average spiking.

I already covered in my article on [how to determine cause of server usage spike](/support/server/server-usage/determine-cause-of-server-usage-spike/) tracking down Apache requests from a time period when your server’s load average was spiking in the past. Now I’ll be covering how you can view the most recent website requests, so that you can investigate a live load issue on your server.

In order to follow along with these steps you’d need to have either a VPS or dedicated server, that way you can access the server via SSH to run the commands we’ll go over.

## View Apache requests with whm-server-status

Following the steps below you’ll be able to view the active website requests that Apache is handling on your server. This will allow you to hopefully pinpoint resource intensive portions of your site that could be leading to your server’s load average spiking.

1. [Login to your server via SSH](/support/server/ssh/how-to-login-ssh/).
2. Run the following command to see what domain currently has the most requests going to it: `lynx -dump --width=500 localhost/whm-server-status | egrep "GET|POST" | awk '{print $12}' | sort | uniq -c | sort -n` **Code breakdown:** lynx -dump –width=500 localhost/whm-server-status Run the text based **lynx** web browser with the **-dump** flag and set the **–width** to **500** on the **localhost/whm-server-status** URL which gives back the Apache requests. egrep “GET|POST” Use the **egrep** command to only show either **GET** or **POST** requests, as otherwise you would also get back some **NULL** requests as well. awk ‘{print $12}’ Use the **awk** command to only print out the **$12**th column of data which is the domain name in the request. sort | uniq -c | sort -n Sort the domain names, uniquely count them, and then sort them numerically from lowest to highest. You should get back something like this: `12 test.example.com 16 wordpress.example.com 345 example.com ` In this case we can see that the **example.com** site is getting by far the most requests.
3. You can now adjust the previous command to view the requests for the one **example.com** domain that was getting the highest amount of requests: `lynx -dump --width=500 localhost/whm-server-status | egrep "GET|POST" | grep example.com | awk '{print $14}' | sort | uniq -c | sort -n` **Code breakdown:** lynx -dump –width=500 localhost/whm-server-status Run the text based **lynx** web browser with the **-dump** flag and set the **–width** to **500** on the **localhost/whm-server-status** URL which gives back the Apache requests. egrep “GET|POST” Use the **egrep** command to only show either **GET** or **POST** requests, as otherwise you would also get back some **NULL** requests as well. grep example.com | awk ‘{print $14}’ Use the **grep** command to only show requests from the **example.com** domain. Then use the **awk** command to print out the **$14**th column which is the actual file being requested. sort | uniq -c | sort -n Sort the requests, uniquely count them, and then sort them numerically from lowest to highest. You should get back something along theese lines: `15 /index.php 25 /blog/index.php 305 /blog/wp-comments-post.php ` So here we can see that the URL **/blog/wp-comments-post.php** is getting slammed with traffic.
4. Finally we can look for the IP addresses hitting the **/blog/wp-comments-post.php** script to see if the activity is malicious in nature: `lynx -dump --width=500 localhost/whm-server-status | egrep "GET|POST" | grep example.com | grep wp-comments-post.php | awk '{print $11}' | sort -n | uniq -c | sort -n` **Code breakdown:** lynx -dump –width=500 localhost/whm-server-status Run the text based **lynx** web browser with the **-dump** flag and set the **–width** to **500** on the **localhost/whm-server-status** URL which gives back the Apache requests. egrep “GET|POST” Use the **egrep** command to only show either **GET** or **POST** requests, as otherwise you would also get back some **NULL** requests as well. grep example.com | grep wp-comments-post.php Use the **grep** command to only show requests from the **example.com** domain. Then use the **grep** command again to only look for requests of the **wp-comments-post.php** script. awk ‘{print $11}’ Use the **awk** command to only print out the **$11**th column of data which is the IP address of the requests. sort -n | uniq -c | sort -n Finally sort the IP addresses numerically, uniquely count them, then sort them again numerical from lowest to highest amount of reqeusts.. You should get back something along these lines: `1 123.123.123.124 304 123.123.123.123` In this case we can tell that the IP address **123.123.123.123** was responsible for just about every single one of the **305** requests to **wp-comments-post.php**.
5. If you wanted to block that IP address from being able to access your server any longer, you can do this by blocking them at your server’s firewall with the following command: `apf -d 123.123.123.123 "Spamming example.com/blog/wp-comments-post.php"`

You should now know how to investigate the current Apache requests that are happening on your server using the **whm-server-status** feature of WHM.
