Return-Path: X-Original-To: apmail-httpd-docs-archive@www.apache.org Delivered-To: apmail-httpd-docs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0C5D110B6E for ; Mon, 24 Mar 2014 11:51:15 +0000 (UTC) Received: (qmail 84395 invoked by uid 500); 24 Mar 2014 11:51:13 -0000 Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 84360 invoked by uid 500); 24 Mar 2014 11:51:11 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: docs@httpd.apache.org List-Id: Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 84350 invoked by uid 99); 24 Mar 2014 11:51:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Mar 2014 11:51:11 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of covener@gmail.com designates 209.85.128.182 as permitted sender) Received: from [209.85.128.182] (HELO mail-ve0-f182.google.com) (209.85.128.182) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Mar 2014 11:51:06 +0000 Received: by mail-ve0-f182.google.com with SMTP id jw12so5471878veb.41 for ; Mon, 24 Mar 2014 04:50:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=5WiiELAP/L/pUHXcVYb6KnKEmxU5/LkCBuKUbP5knG4=; b=YpIpwbRG113BXM49RfePYEfgBAAvLU3PdltGwHnDwdAWbO4rMlUiSaLAx60YOFuENk slr4HXZisAXI0fY37fh/kOp22FmD3fvOkbAberYGgjw7uQ3+676zUMN9YXGJST4ZCKzu Vwuvm+BLVyWuojlUxrarHr72kVT2a24F0b8GDSCQmV0RkOz72HWNY7UJHql58mRvmIYF 464oDmgm3Qdq8ExJyrN8G/NBMfNtXGh2UAMv49g+0ySlali9PgQsHx4DvW2n0ERiX5zY z0ic5N3O0xHotEJ4JKXrir/lD1EwkE3HFFK/qBA2frB4Z3Ix9KQs+o2cZgtGMleRBPy+ 9rCw== MIME-Version: 1.0 X-Received: by 10.220.10.2 with SMTP id n2mr656400vcn.26.1395661844936; Mon, 24 Mar 2014 04:50:44 -0700 (PDT) Received: by 10.58.54.52 with HTTP; Mon, 24 Mar 2014 04:50:44 -0700 (PDT) In-Reply-To: <53301855.8060607@destatis.de> References: <53300C52.3070909@destatis.de> <53301855.8060607@destatis.de> Date: Mon, 24 Mar 2014 07:50:44 -0400 Message-ID: Subject: Re: Apche 2.4 docs /wr to CVE-2014-0098 log_cookie directive From: Eric Covener To: docs@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Mon, Mar 24, 2014 at 7:34 AM, Hollstein, Mathias wrote: > Hello Eric, > > so I can safely assume that when using "%{VARNAME}C" for .e.g. like > (below) it does the trick/causes serious pain to me? yes > # CustomLog with format nickname > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{mycookie-name}i\"" common > CustomLog logs/access_log common s/i/C > > > Can I also assume the documents (current) are perfectly fine since > "CookieLog Directive" does not have to be specified anymore like > "CookieLog 'filename'", but the imply is active "automagically" and can > be used like described above? I don't think when "CookieLog" did anything it had anything to do with individual format strings used by the rest of mod_log_config. > So this essentially mean I have to go through the configs and look for > such \"%{mycookie-name}i\" statements, right? "C", not "i" --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org For additional commands, e-mail: docs-help@httpd.apache.org