Justin Erenkrantz wrote: > This might be enough of a widespread concern that we need to > figure out how to cleanly address this. But, I don't think > we have anything in place for that currently.
We are also looking at writing a module that can watch the traffic on a webserver and send a copy of each request and response to a monitoring server which needs to do some analysis of the performance and availability of the server, and also of the underlying webapps. The problem today is how to cleanly get the post bodies and the response bodies. Such a filter would have to grab the data after decryption / before encryption (i.e. sit "under" the SSL filter), but "outside" any other filters or modules. Any suggestions on how this can be done cleanly, and any pitfalls to watch out for? -- Shankar.
