httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: Apche 2.4 docs /wr to CVE-2014-0098 log_cookie directive
Date Mon, 24 Mar 2014 11:50:44 GMT
On Mon, Mar 24, 2014 at 7:34 AM, Hollstein, Mathias
<> wrote:
> Hello Eric,
> so I can safely assume that when using "%{VARNAME}C" for .e.g. like
> (below) it does the trick/causes serious pain to me?


> # CustomLog with format nickname
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{mycookie-name}i\"" common
> CustomLog logs/access_log common

> Can I also assume the documents (current) are perfectly fine since
> "CookieLog Directive" does not have to be specified anymore like
> "CookieLog 'filename'", but the imply is active "automagically" and can
> be used like described above?

I don't think when "CookieLog" did anything it had anything to do with
individual format strings used by the rest of mod_log_config.

> So this essentially mean I have to go through the configs and look for
> such \"%{mycookie-name}i\" statements, right?

"C", not "i"

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message