{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.

2025-09-29 19:24:29 +03:00 · 2017-05-08 15:36:58 -03:00
parent da995bb636
commit 70322304f2
3 changed files with 32 additions and 2 deletions
--- a/3
+++ b/3
@@ -1,6 +1,9 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 * {dis|en}able-server-context-logging: Option to disable logging of
   server info (log producer, sanitized objects, ...) in audit log.
   [Issue #1069 - Marc Stern]
 * Allow drop to work with mod_http2
   [Issue #1308, #992 - @bazzadp]
 * Fix SecConn(Read|Write)StateLimit on Apache 2.4
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -1180,6 +1180,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
            yajl_kv_bool(g, "response_body_dechunked", 1);
        }
 #ifdef LOG_NO_SERVER_CONTEXT
        if (msr->txcfg->debuglog_level >= 9) {
 #endif
        sec_auditlog_write_producer_header_json(msr, g);
        /* Server */
@@ -1274,6 +1277,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
        if (been_opened == 1) {
            yajl_gen_map_close(g); // sanitized args map is finished
        }
 #ifdef LOG_NO_SERVER_CONTEXT
 		}
 #endif
        /* Web application info. */
        if ( ((msr->txcfg->webappid != NULL)&&(strcmp(msr->txcfg->webappid, "default") != 0))
@@ -2022,6 +2028,9 @@ void sec_audit_logger_native(modsec_rec *msr) {
            sec_auditlog_write(msr, text, strlen(text));
        }
 #ifdef LOG_NO_SERVER_CONTEXT
        if (msr->txcfg->debuglog_level >= 9) {
 #endif
        sec_auditlog_write_producer_header(msr);
        /* Server */
@@ -2090,8 +2099,11 @@ void sec_audit_logger_native(modsec_rec *msr) {
                sec_auditlog_write(msr, text, strlen(text));
            }
        }
 #ifdef LOG_NO_SERVER_CONTEXT
 		}
 #endif
-        /* Web application info. */
+		/* Web application info. */
        if ( ((msr->txcfg->webappid != NULL)&&(strcmp(msr->txcfg->webappid, "default") != 0))
            || (msr->sessionid != NULL) || (msr->userid != NULL))
        {
--- a/configure.ac
+++ b/configure.ac
@@ -517,6 +517,21 @@ AC_ARG_ENABLE(stopwatch-logging,
  log_stopwatch=''
 ])
 # Disable logging of server context
 AC_ARG_ENABLE(server-context-logging,
              AS_HELP_STRING([--enable-server-context-logging],
                             [Enable logging of server info (log producer, sanitized objects, ...) in audit log when log level < 9. This is the default]),
 [
  if test "$enableval" != "no"; then
    log_server_context=
  else
    log_server_context="-DLOG_NO_SERVER_CONTEXT"
  fi
 ],
 [
  log_server_context=''
 ])
 # Ignore configure errors
 AC_ARG_ENABLE(errors,
              AS_HELP_STRING([--disable-errors],
@@ -767,7 +782,7 @@ else
  fi
 fi
-MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler"
+MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler $log_server_contex"
 APXS_WRAPPER=build/apxs-wrapper
 APXS_EXTRA_CFLAGS=""