https://blogs.apache.org/infra/entry/apache_org_incident_report_for
Infra got bit by mod_log_forensic logs including Authorization headers
and being world-readable, so in an effort to save someone else from
repeating this mistake how about adding it to the "Security
considerations" section of the documentation:
[[[
Index: docs/manual/mod/mod_log_forensic.xml
===================================================================
--- docs/manual/mod/mod_log_forensic.xml (revision 1342688)
+++ docs/manual/mod/mod_log_forensic.xml (working copy)
@@ -93,6 +93,10 @@
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</p>
+ <p>The logfiles may contain sensitive data such as the contents of
+ <code>Authorization:</code> headers (which can contain passwords), so
+ they should not be readable by anyone except the user that starts the
+ server.</p>
</section>
<directivesynopsis>
]]]
Perhaps it would be a useful feature to allow excluding those headers
from being logged, too.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
