Re: Using server variables in CustomLog Directives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 29, 2019 at 2:55 PM Ori Liel <oliel@xxxxxxxxxx> wrote:
I have a server application, and for security reasons I'm trying to prevent requests, which provide 'username' and 'password' as query parameters, from being logged (providing these parameters as query parameters is a user mistake, but still...)


I've tried this way: 


   SetEnvIf QUERY_STRING "username.*password|password.*username" dontlog
   CustomLog logs/my_log common env=!dontlog

Just clarifying that the above was written in /etc/httpd/conf.d/ssl.conf 

But the unwanted requests were still being printed to the log. I wanted to verify that QUERY_STRING contains what I expected it to, so I tried to print it out:

   CustomLog logs/my_log "%{QUERY_STRING}e"

But no matter what request was made, only '-' was printed to the log. I've done the same for other server variables, e.g: REQUEST_URI, THE_REQUEST, etc - and all were empty (or rather only contained the '-' character.

What am I missing?

Thanks!



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux