{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log.

2025-09-29 19:24:29 +03:00 · 2017-05-08 15:36:58 -03:00
parent da995bb636
commit 70322304f2
3 changed files with 32 additions and 2 deletions
--- a/3
+++ b/3
@@ -1,6 +1,9 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------

+ * {dis|en}able-server-context-logging: Option to disable logging of
+   server info (log producer, sanitized objects, ...) in audit log.
+   [Issue #1069 - Marc Stern]
 * Allow drop to work with mod_http2
   [Issue #1308, #992 - @bazzadp]
 * Fix SecConn(Read|Write)StateLimit on Apache 2.4
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -1180,6 +1180,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
            yajl_kv_bool(g, "response_body_dechunked", 1);
        }

+#ifdef LOG_NO_SERVER_CONTEXT
+        if (msr->txcfg->debuglog_level >= 9) {
+#endif
        sec_auditlog_write_producer_header_json(msr, g);

        /* Server */
@@ -1274,6 +1277,9 @@ void sec_audit_logger_json(modsec_rec *msr) {
        if (been_opened == 1) {
            yajl_gen_map_close(g); // sanitized args map is finished
        }
+#ifdef LOG_NO_SERVER_CONTEXT
+		}
+#endif

        /* Web application info. */
        if ( ((msr->txcfg->webappid != NULL)&&(strcmp(msr->txcfg->webappid, "default") != 0))
@@ -2022,6 +2028,9 @@ void sec_audit_logger_native(modsec_rec *msr) {
            sec_auditlog_write(msr, text, strlen(text));
        }

+#ifdef LOG_NO_SERVER_CONTEXT
+        if (msr->txcfg->debuglog_level >= 9) {
+#endif
        sec_auditlog_write_producer_header(msr);

        /* Server */
@@ -2090,6 +2099,9 @@ void sec_audit_logger_native(modsec_rec *msr) {
                sec_auditlog_write(msr, text, strlen(text));
            }
        }
+#ifdef LOG_NO_SERVER_CONTEXT
+		}
+#endif

 		/* Web application info. */
        if ( ((msr->txcfg->webappid != NULL)&&(strcmp(msr->txcfg->webappid, "default") != 0))
--- a/configure.ac
+++ b/configure.ac
@@ -517,6 +517,21 @@ AC_ARG_ENABLE(stopwatch-logging,
  log_stopwatch=''
 ])

+# Disable logging of server context
+AC_ARG_ENABLE(server-context-logging,
+              AS_HELP_STRING([--enable-server-context-logging],
+                             [Enable logging of server info (log producer, sanitized objects, ...) in audit log when log level < 9. This is the default]),
+[
+  if test "$enableval" != "no"; then
+    log_server_context=
+  else
+    log_server_context="-DLOG_NO_SERVER_CONTEXT"
+  fi
+],
+[
+  log_server_context=''
+])
+
 # Ignore configure errors
 AC_ARG_ENABLE(errors,
              AS_HELP_STRING([--disable-errors],
@@ -767,7 +782,7 @@ else
  fi
 fi

-MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler"
+MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler $log_server_contex"

 APXS_WRAPPER=build/apxs-wrapper
 APXS_EXTRA_CFLAGS=""