You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jignesh Badani <jb...@mmsa.com> on 2013/07/26 05:33:24 UTC
[users@httpd] Logging Base64 decoded info in access_log
Hello, we have a custom user tracker cookie which is currently Base64
encoded and gets tacked along to each request in the access log.
We now have a new requirement to store the decoded value in the access log
instead.
So cookie gets written to the user's browser encoded, but when a user makes
a new request, the cookie needs to be read, Base64 decoded before being
written to the access log.
We are on Apache 2.2.x
To my surprise, after spending quite a few hours on google and apache docs,
there is no way of achieving something so trivial within Apache or I am
nuts and overlooking something so basic.
I do see that SSI includes a way to set a base64 encoded/decoded variable.
But what I need is SetEnv or Mod_Rewrite to be able to read and base64
decode a env (cookie) variable.
There is an open source mod_setenvifplus option but mgmt will not approve
it.
Thank you for your help.
-jigs
Re: [users@httpd] Logging Base64 decoded info in access_log
Posted by Igor Cicimov <ic...@gmail.com>.
On 28/07/2013 3:36 AM, "Rainer Jung" <ra...@kippdata.de> wrote:
>
> On 27.07.2013 10:29, Pete Houston wrote:
> > On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> >> Thanks Pete, yes, post processing the log file nightly is the option I
was
> >> considering. I am doing it currently on a per request basis. But I was
> >> hoping to avoid it if I could do it in real time by calling on B64
decode
> >> on the cookie.
> >
> > I do not see the advantage in doing it in real time over
> > post-processing. The docs are pretty clear on this too.
> >
> > http://httpd.apache.org/docs/2.4/logs.html#piped says
> >
> > As with conditional logging, piped logs are a very powerful tool,
> > but they should not be used where a simpler solution like off-line
> > post-processing is available.
> >
> > which is good advice.
> >
> >> Piped logs is an option I did not consider even though I am currently
using
> >> it for logs rotation. Can you suggest how I can achieve what you are
> >> proposing w/o loosing out on the log rotation functionality.
> >>
> >> I have the following in my httpd config:
> >>
> >> -------
> >> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log
86400"
> >> combined env=!dontlog
> >>
> >> #where dontlog are a couple of load balancers IP address I want to
keep out
> >> of the access logs.
> >>
> >> -----------
> >
> > If you go against the advice in the documentation and decide to do it
> > with piped logs just use something like
> >
> > CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs
/opt/apache/logs/access_log 86400" combined env=!dontlog
> >
> > And remember the docs also say:
> >
> > Piped log processes are spawned by the parent Apache httpd
process,
> > and inherit the userid of that process. This means that piped log
> > programs usually run as root. It is therefore very important to
keep
> > the programs simple and secure.
>
> ... and handle the signals issued during Apache (graceful) restart to
> all children including such piped filters.
>
> Regards,
>
> Rainer
>
Or you can use
CustomLog "||/path/to/filterprog ...
so apache doesnt spawn new shell
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Re: [users@httpd] Logging Base64 decoded info in access_log
Posted by Rainer Jung <ra...@kippdata.de>.
On 27.07.2013 10:29, Pete Houston wrote:
> On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
>> Thanks Pete, yes, post processing the log file nightly is the option I was
>> considering. I am doing it currently on a per request basis. But I was
>> hoping to avoid it if I could do it in real time by calling on B64 decode
>> on the cookie.
>
> I do not see the advantage in doing it in real time over
> post-processing. The docs are pretty clear on this too.
>
> http://httpd.apache.org/docs/2.4/logs.html#piped says
>
> As with conditional logging, piped logs are a very powerful tool,
> but they should not be used where a simpler solution like off-line
> post-processing is available.
>
> which is good advice.
>
>> Piped logs is an option I did not consider even though I am currently using
>> it for logs rotation. Can you suggest how I can achieve what you are
>> proposing w/o loosing out on the log rotation functionality.
>>
>> I have the following in my httpd config:
>>
>> -------
>> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400"
>> combined env=!dontlog
>>
>> #where dontlog are a couple of load balancers IP address I want to keep out
>> of the access logs.
>>
>> -----------
>
> If you go against the advice in the documentation and decide to do it
> with piped logs just use something like
>
> CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>
> And remember the docs also say:
>
> Piped log processes are spawned by the parent Apache httpd process,
> and inherit the userid of that process. This means that piped log
> programs usually run as root. It is therefore very important to keep
> the programs simple and secure.
... and handle the signals issued during Apache (graceful) restart to
all children including such piped filters.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Logging Base64 decoded info in access_log
Posted by Pete Houston <ph...@openstrike.co.uk>.
On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> Thanks Pete, yes, post processing the log file nightly is the option I was
> considering. I am doing it currently on a per request basis. But I was
> hoping to avoid it if I could do it in real time by calling on B64 decode
> on the cookie.
I do not see the advantage in doing it in real time over
post-processing. The docs are pretty clear on this too.
http://httpd.apache.org/docs/2.4/logs.html#piped says
As with conditional logging, piped logs are a very powerful tool,
but they should not be used where a simpler solution like off-line
post-processing is available.
which is good advice.
> Piped logs is an option I did not consider even though I am currently using
> it for logs rotation. Can you suggest how I can achieve what you are
> proposing w/o loosing out on the log rotation functionality.
>
> I have the following in my httpd config:
>
> -------
> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400"
> combined env=!dontlog
>
> #where dontlog are a couple of load balancers IP address I want to keep out
> of the access logs.
>
> -----------
If you go against the advice in the documentation and decide to do it
with piped logs just use something like
CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
And remember the docs also say:
Piped log processes are spawned by the parent Apache httpd process,
and inherit the userid of that process. This means that piped log
programs usually run as root. It is therefore very important to keep
the programs simple and secure.
Good luck,
Pete
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
Re: [users@httpd] Logging Base64 decoded info in access_log
Posted by Jignesh Badani <jb...@mmsa.com>.
Thanks Pete, yes, post processing the log file nightly is the option I was
considering. I am doing it currently on a per request basis. But I was
hoping to avoid it if I could do it in real time by calling on B64 decode
on the cookie.
Piped logs is an option I did not consider even though I am currently using
it for logs rotation. Can you suggest how I can achieve what you are
proposing w/o loosing out on the log rotation functionality.
I have the following in my httpd config:
-------
CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400"
combined env=!dontlog
#where dontlog are a couple of load balancers IP address I want to keep out
of the access logs.
-----------
regards
-Jigs
From: Pete Houston <ph...@openstrike.co.uk>
To: users@httpd.apache.org,
Date: 07/26/2013 12:47 AM
Subject: Re: [users@httpd] Logging Base64 decoded info in access_log
Hi Jigs,
Maybe I'm missing something, but why not just post-process the logs?
Alternatively if you need this done in real-time for some reason you can
use piped logs and process them in-line that way.
Good luck with the management,
Pete
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
[attachment "attnm6va.dat" deleted by Jignesh Badani/MMSA/MMCX]
Re: [users@httpd] Logging Base64 decoded info in access_log
Posted by Pete Houston <ph...@openstrike.co.uk>.
Hi Jigs,
Maybe I'm missing something, but why not just post-process the logs?
Alternatively if you need this done in real-time for some reason you can
use piped logs and process them in-line that way.
Good luck with the management,
Pete
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107