httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Ristic <iv...@webkreator.com>
Subject Re: Username logging in Form-Based (Custom) authentication
Date Tue, 08 Jun 2004 14:07:31 GMT

> Is there a module / or a development effort that allows to log form-based
> authentication (field j_username) i.e. username in standard apache log
> files?

  Not to the standard log files, but close.

  With mod_security (http://www.modsecurity.org), you can log POST
  requests to a separate log file.

  I am toying with the idea to trick the server into logging POST data
  as a QUERY_STRING, but I'm not quite sure how that would work.
  If anyone cares to comment, I'd gladly listen.

  I also plan to include functionality to sanitize parameters
  selectively, to avoid having sensitive stuff (passwords, CC details)
  in the log.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]

Mime
View raw message