HTTP Authorization header in error log when debug level

Posted by jgorlick 
December 14, 2022 04:32PM
When at debug level, the HTTP Authorization header, including the base64-encoded username:password, is written to the error_log.

The access_log has an optional `if` clause. If error_log also provides an optional `if` clause, we can filter out sensitive information, i.e., the Authorization header.

It is understandable that the access_log has far fewer log entries than the error_log, so it was reasonable not to support the `if` clause. However, ensuring sensitive information is not logged via the error_log is otherwise difficult to achieve.
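
One way to keep these credentials out of downstream log storage, as an added example that is not part of the original post or of nginx: a Python filter that redacts `Authorization` and `Proxy-Authorization` values from debug-level error_log lines. The sample lines are constructed, and the `header: "Name: value"` layout they follow is an assumption about the debug output.

```python
import re

# Assumed debug-line layout: ... header: "Name: value"
# Only Authorization and Proxy-Authorization are treated as sensitive here.
SENSITIVE = re.compile(
    r'(header: "(?:proxy-)?authorization:[ \t]*)([^\s"]+)([^"]*)',
    re.IGNORECASE,
)
MASK = "[REDACTED]"


def _mask(match):
    prefix, first, rest = match.group(1), match.group(2), match.group(3)
    if rest.strip():
        # "<scheme> <credentials>": keep the scheme for troubleshooting.
        return f"{prefix}{first} {MASK}"
    # A single token with no scheme is treated as the secret itself.
    return prefix + MASK


def redact_line(line):
    """Return (clean_line, changed) for one error_log line."""
    clean = SENSITIVE.sub(_mask, line)
    return clean, clean != line


def scrub(lines):
    """Redact every line; return (clean_lines, number_of_lines_changed)."""
    results = [redact_line(line) for line in lines]
    return [c for c, _ in results], sum(changed for _, changed in results)


# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '2022/12/14 16:32:01 [debug] 4242#4242: *7 http header: "Host: example.test"',
    '2022/12/14 16:32:01 [debug] 4242#4242: *7 http header: "Authorization: Basic dXNlcjpwYXNzd29yZA=="',
    '2022/12/14 16:32:01 [debug] 4242#4242: *7 http header: "Proxy-Authorization: Bearer abc.def.ghi"',
    '2022/12/14 16:32:02 [debug] 4242#4242: *8 http header: "authorization: s3cr3t-token"',
]

if __name__ == "__main__":
    cleaned, changed = scrub(SAMPLE)
    print("\n".join(cleaned))
    print(f"{changed} line(s) redacted")
```

This cleans lines only after nginx has written them, so it fits the step that ships or archives debug logs; the on-disk error_log still needs restrictive file permissions.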