From c1c91e24cde4bd27e1e0ff5dbd6df48956a7731c Mon Sep 17 00:00:00 2001
From: Marc Stern <marc.stern@approach.be>
Date: Fri, 9 Dec 2016 10:27:24 +0100
Subject: [PATCH] {dis|en}able-filename-logging: Option to disable logging of
 filename in audit log [Issue #1065 - Marc Stern]

---
 CHANGES                |  3 +++
 apache2/apache2_util.c |  2 ++
 apache2/re.c           |  2 ++
 configure.ac           | 17 ++++++++++++++++-
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 833bef0f..9765bb2a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+ * {dis|en}able-filename-logging: Option to disable logging of filename
+   in audit log.
+   [Issue #1065 - Marc Stern]
  * Reads fuzzy hash databases on init
    [Issue #1339 - Robert Paprocki and @Rendername]
  * Changes the configuration to recognize soap+xml as XML
diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
index ed5b0ba2..24bba0ce 100644
--- a/apache2/apache2_util.c
+++ b/apache2/apache2_util.c
@@ -339,6 +339,7 @@ char *format_error_log_message(apr_pool_t *mp, error_message_t *em) {
 
     if (em == NULL) return NULL;
 
+#ifndef LOG_NO_FILENAME
     if (em->file != NULL) {
         s_file = apr_psprintf(mp, "[file \"%s\"] ",
             log_escape(mp, (char *)em->file));
@@ -349,6 +350,7 @@ char *format_error_log_message(apr_pool_t *mp, error_message_t *em) {
         s_line = apr_psprintf(mp, "[line %d] ", em->line);
         if (s_line == NULL) return NULL;
     }
+#endif
 
     s_level = apr_psprintf(mp, "[level %d] ", em->level);
     if (s_level == NULL) return NULL;
diff --git a/apache2/re.c b/apache2/re.c
index 7e0a238c..0d643ab6 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -2194,10 +2194,12 @@ char *msre_format_metadata(modsec_rec *msr, msre_actionset *actionset) {
 
     if (actionset == NULL) return "";
 
+#ifndef LOG_NO_FILENAME
     if ((actionset->rule != NULL) && (actionset->rule->filename != NULL)) {
         fn = apr_psprintf(msr->mp, " [file \"%s\"] [line \"%d\"]",
                 actionset->rule->filename, actionset->rule->line_num);
     }
+#endif
     if (actionset->id != NULL) {
         id = apr_psprintf(msr->mp, " [id \"%s\"]",
                 log_escape(msr->mp, actionset->id));
diff --git a/configure.ac b/configure.ac
index 4eefad81..e7e5098a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -427,6 +427,21 @@ AC_ARG_ENABLE(rule-id-validation,
   unique_id=''
 ])
 
+# Disable logging of filename
+AC_ARG_ENABLE(filename-logging,
+              AS_HELP_STRING([--enable-filename-logging],
+                             [Enable logging of filename in audit log. This is the default]),
+[
+  if test "$enableval" != "no"; then
+    log_filename=
+  else
+    log_filename="-DLOG_NO_FILENAME"
+  fi
+],
+[
+  log_filename=''
+])
+
 # Ignore configure errors
 AC_ARG_ENABLE(errors,
               AS_HELP_STRING([--disable-errors],
@@ -677,7 +692,7 @@ else
   fi
 fi
 
-MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id"
+MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename"
 
 APXS_WRAPPER=build/apxs-wrapper
 APXS_EXTRA_CFLAGS=""