On Thu, Jun 7, 2012 at 2:18 PM, William A. Rowe Jr. <wr...@rowe-clan.net> wrote: > On 6/6/2012 2:46 PM, Jeff Trawick wrote: >> On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d...@daniel.shahaf.name> >> wrote: >>> >>> Perhaps it would be a useful feature to allow excluding those headers >>> from being logged, too. >> >> IMO they shouldn't be logged by default (if at all). >> Proxy-Authorization also needs to be handled. (Anything else? My >> search query foo is particularly bad today.) > > ANY parsing which occurs within mod_log_forensic is going to open that module > itself to suspicion and potential un-captured exploitative header values. > > My own theory; provide pipe log redirection and write a filter to do whatever > you like to corrupt the pure data received from the client. > > Otherwise, you have other issues like proxy connect > scheme://user:pass@backend/ > or session tokens in URL's or cookies to contend with. > > There is no way to make forensic logging 'safe for general consumption' and > that > is the message we have to broadcast loudly.
The list of concerns can't be fixed with with code and we need to put more hints in the documentation. Logging obvious passwords by default is just plain stupid though. > A forensic logging pipe could easily kill off all matched requests before they > were ever logged to disk, resulting in only unmatched pairs. The parent > process > which spawned the logger shouldn't be crashing, so the logging should 'just > work'. Writing only the unmatched requests is equivalent to what you get with mod_whatkilledus, though using a much different implementation. -- Born in Roswell... married an alien... http://emptyhammock.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
