On 6/6/2012 2:46 PM, Jeff Trawick wrote: > On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d...@daniel.shahaf.name> > wrote: >> >> Perhaps it would be a useful feature to allow excluding those headers >> from being logged, too. > > IMO they shouldn't be logged by default (if at all). > Proxy-Authorization also needs to be handled. (Anything else? My > search query foo is particularly bad today.)
ANY parsing which occurs within mod_log_forensic is going to open that module itself to suspicion and potential un-captured exploitative header values. My own theory; provide pipe log redirection and write a filter to do whatever you like to corrupt the pure data received from the client. Otherwise, you have other issues like proxy connect scheme://user:pass@backend/ or session tokens in URL's or cookies to contend with. There is no way to make forensic logging 'safe for general consumption' and that is the message we have to broadcast loudly. A forensic logging pipe could easily kill off all matched requests before they were ever logged to disk, resulting in only unmatched pairs. The parent process which spawned the logger shouldn't be crashing, so the logging should 'just work'. --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
