When at debug level, the HTTP Authorization header, including the base64-encoded username:password, is written to the error_log. The access_log has an optional `if` clause. If error_log also provides an optional `if` clause, we can filter out sensitive information, ie the Authorization header. It is understandable that the access_log has far fewer log entries than the error_log, so support fby jgorlick - Ideas and Feature Requests
![]() |
![]() |
![]() |
![]() |
![]() |