httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH] mod_log_forensic security considerations
Date Thu, 07 Jun 2012 18:18:02 GMT
On 6/6/2012 2:46 PM, Jeff Trawick wrote:
> On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
>>
>> Perhaps it would be a useful feature to allow excluding those headers
>> from being logged, too.
> 
> IMO they shouldn't be logged by default (if at all).
> Proxy-Authorization also needs to be handled.  (Anything else?  My
> search query foo is particularly bad today.)

ANY parsing which occurs within mod_log_forensic is going to open that module
itself to suspicion and potential un-captured exploitative header values.

My own theory; provide pipe log redirection and write a filter to do whatever
you like to corrupt the pure data received from the client.

Otherwise, you have other issues like proxy connect scheme://user:pass@backend/
or session tokens in URL's or cookies to contend with.

There is no way to make forensic logging 'safe for general consumption' and that
is the message we have to broadcast loudly.

A forensic logging pipe could easily kill off all matched requests before they
were ever logged to disk, resulting in only unmatched pairs.  The parent process
which spawned the logger shouldn't be crashing, so the logging should 'just work'.


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message