Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/11/22 09:25:20 UTC
[Bug 65696] New: [authz_core] IPv6 addresses are logged in a not recommended format
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696
Bug ID: 65696
Summary: [authz_core] IPv6 addresses are logged in a not
recommended format
Product: Apache httpd-2
Version: 2.4.51
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authz_core
Assignee: bugs@httpd.apache.org
Reporter: shadow@systemli.org
Target Milestone: ---
Dear Apache team, first of all thank you for an awesome piece of software.
I would like to submit the following bug. IPv6 addresses logged by the
authz_core module seem to be logged in a non-recommended format ( [client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] ). This makes it hard for
rsyslog to anonymize the logs because, due to the :, it can't distinguish where
the IPv6 address ends.
According to the RFC this format should be used
(https://datatracker.ietf.org/doc/html/rfc5952#section-6)
This is already fixed in a next version of rsyslog, but I found it worth
mentioning here, so you might address this in apache2.
See the corresponding bug and bugfix in rsyslog mmanon module:
https://github.com/rsyslog/rsyslog/issues/4725
As an example:
```
Nov 1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021]
[authz_core:error] [pid 3195941:tid 139935243814656] [client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: client denied by server
configuration: /var/www/www.mysite.to/www/xmlrpc.php
```
According to the RFC another format should be used
(https://datatracker.ietf.org/doc/html/rfc5952#section-6)
```
Nov 1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021]
[authz_core:error] [pid 3195941:tid 139935243814656] [client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e]:64833 AH01630: client denied by server
configuration: /var/www/www.mysite.to/www/xmlrpc.php
```
Thank you very much.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696
--- Comment #1 from Ruediger Pluem <rp...@apache.org> ---
@my peers / fellow developers: Any preference? Should we in case of an IPV6
address
1. Replace the ':' before the port with a '.'?
2. Replace the ':' before the port with a '#'?
3. Have the IPV6 address in [] and leave the ':'?
[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696
--- Comment #2 from Stefan Eissing <ic...@apache.org> ---
While the recommended style [ipv6]:port is clear, this will mess up any naive
log parser that chunks on "[]" pairs. The format reported seems to be our
generic log_remote_address() from server/log.c
I favour option 3, but in case we need to be careful with log parsers, I'd
choose option 2.
[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696
--- Comment #3 from Yann Ylavic <yl...@gmail.com> ---
Hm, no parser would recognize 1. or 2., and 3. might break the default layout.
Do nothing? By default the last colon is for the port, which is always there..
Maybe handle a new ->arg letter for the ErrorLogFormat, e.g. 'x' which would
allow those who care to specify "%{x}A" or "%{x}a" or "%{cx}a"?
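As an added example (not part of the thread, and not httpd or rsyslog code), a log post-processor can apply the rule from comment #3, that the last colon in the client field is the port separator, and re-emit IPv6 clients in bracketed form before an anonymizer sees the line. The `[client [addr]:port]` output layout is an assumption modelled on option 3, the function names are hypothetical, and the sample line is constructed from the report's example.

```python
import ipaddress
import re

# Constructed sample: the log line from the report, joined onto one line.
SAMPLE = ("Nov 1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021] "
          "[authz_core:error] [pid 3195941:tid 139935243814656] "
          "[client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: "
          "client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php")

# The "[client ...]" field. The first alternative lets an already bracketed
# "[addr]:port" value through, so the rewrite is safe to run twice.
CLIENT_RE = re.compile(r"\[client ((?:\[[^\]]+\]|[^\]\s])+)\]")

def split_client(field):
    """Split 'addr:port' or '[addr]:port' into (ip_address, port)."""
    if field.startswith("["):
        host, sep, port = field[1:].partition("]:")
    else:
        # Unbracketed form: the last colon separates the port (comment #3).
        host, sep, port = field.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"no usable port in client field: {field!r}")
    # ip_address() raises ValueError if the remainder is not a valid address,
    # which catches fields where the last colon was not a port separator.
    return ipaddress.ip_address(host), int(port)

def format_rfc5952(addr, port):
    """Render addr and port with brackets around IPv6 (RFC 5952 section 6)."""
    host = f"[{addr.compressed}]" if addr.version == 6 else str(addr)
    return f"{host}:{port}"

def normalize_line(line):
    """Rewrite the client field of one log line; other text is left as is."""
    def repl(match):
        try:
            addr, port = split_client(match.group(1))
        except ValueError:
            return match.group(0)  # unparseable field: do not touch it
        return f"[client {format_rfc5952(addr, port)}]"
    return CLIENT_RE.sub(repl, line)

if __name__ == "__main__":
    print(normalize_line(SAMPLE))
```

Fields that do not parse as address plus port are passed through unchanged, so a downstream anonymizer still sees every line.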