You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by nd...@apache.org on 2003/04/06 23:45:17 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_log_config.html
nd 2003/04/06 14:45:17
Modified: htdocs/manual/mod mod_log_config.html
Log:
document log escaping
Reviewed by: Astrid Ke�ler, Erik Abele
Revision Changes Path
1.54 +14 -5 httpd-docs-1.3/htdocs/manual/mod/mod_log_config.html
Index: mod_log_config.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_log_config.html,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- mod_log_config.html 31 May 2002 07:30:26 -0000 1.53
+++ mod_log_config.html 6 Apr 2003 21:45:17 -0000 1.54
@@ -122,11 +122,20 @@
"%!200,304,302{Referer}i" logs Referer: on all requests which
did <strong>not</strong> return some sort of normal status.</p>
- <p>Note that there is no escaping performed on the strings from
- %...r, %...i and %...o. This is mainly to comply with the
- requirements of the Common Log Format. This implies that
- clients can insert control characters into the log, so care
- should be taken when dealing with raw log files.</p>
+ <p>Note that in versions previous to 1.3.25 no escaping has been performed
+ on the strings from <code>%...r</code>, <code>%...i</code> and
+ <code>%...o</code>. This was mainly to comply with the requirements of
+ the Common Log Format. This implied that clients could insert control
+ characters into the log, so you had to be quite careful when dealing
+ with raw log files.</p>
+
+ <p>For security reasons starting with 1.3.25 non-printable and
+ other special characters are escaped mostly by using
+ <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
+ the hexadecimal representation of the raw byte. Exceptions from this
+ rule are <code>"</code> and <code>\</code> which are escaped by prepending
+ a backslash, and all whitespace characters that are written in their
+ C-notation (<code>\n</code>, <code>\t</code> etc).</p>
<p>Some commonly used log format strings are:</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org