You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by nd...@apache.org on 2003/04/06 23:45:17 UTC

cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_log_config.html

nd          2003/04/06 14:45:17

  Modified:    htdocs/manual/mod mod_log_config.html
  Log:
  document log escaping
  
  Reviewed by: Astrid Ke�ler, Erik Abele
  
  Revision  Changes    Path
  1.54      +14 -5     httpd-docs-1.3/htdocs/manual/mod/mod_log_config.html
  
  Index: mod_log_config.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_log_config.html,v
  retrieving revision 1.53
  retrieving revision 1.54
  diff -u -r1.53 -r1.54
  --- mod_log_config.html	31 May 2002 07:30:26 -0000	1.53
  +++ mod_log_config.html	6 Apr 2003 21:45:17 -0000	1.54
  @@ -122,11 +122,20 @@
       "%!200,304,302{Referer}i" logs Referer: on all requests which
       did <strong>not</strong> return some sort of normal status.</p>
   
  -    <p>Note that there is no escaping performed on the strings from
  -    %...r, %...i and %...o. This is mainly to comply with the
  -    requirements of the Common Log Format. This implies that
  -    clients can insert control characters into the log, so care
  -    should be taken when dealing with raw log files.</p>
  +    <p>Note that in versions previous to 1.3.25 no escaping has been performed
  +    on the strings from <code>%...r</code>, <code>%...i</code> and
  +    <code>%...o</code>. This was mainly to comply with the requirements of
  +    the Common Log Format. This implied that clients could insert control
  +    characters into the log, so you had to be quite careful when dealing
  +    with raw log files.</p>
  +
  +    <p>For security reasons starting with 1.3.25 non-printable and
  +    other special characters are escaped mostly by using
  +    <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
  +    the hexadecimal representation of the raw byte. Exceptions from this
  +    rule are <code>"</code> and <code>\</code> which are escaped by prepending
  +    a backslash, and all whitespace characters that are written in their
  +    C-notation (<code>\n</code>, <code>\t</code> etc).</p>
   
       <p>Some commonly used log format strings are:</p>
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org