Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/11/22 09:25:20 UTC

[Bug 65696] New: [authz_core] IPv6 addresses are logged in a not recommended format

https://bz.apache.org/bugzilla/show_bug.cgi?id=65696

            Bug ID: 65696
           Summary: [authz_core] IPv6 addresses are logged in a not
                    recommended format
           Product: Apache httpd-2
           Version: 2.4.51
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_core
          Assignee: bugs@httpd.apache.org
          Reporter: shadow@systemli.org
  Target Milestone: ---

Dear Apache team, first of all thank you for an awesome piece of software.

I would like to submit the following bug. IPv6 addresses logged by the
authz_core module seem to be logged in a non-recommended format ([client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833]). This makes it hard for
rsyslog to anonymize the logs, because due to the ':', it can't distinguish where
the IPv6 address ends.

According to the RFC this format should be used
(https://datatracker.ietf.org/doc/html/rfc5952#section-6)

This is already fixed in a next version of rsyslog, but I found it worthy to
mention it here, so you might address this in apache2.

See the corresponding bug and bugfix in rsyslog mmanon module:
https://github.com/rsyslog/rsyslog/issues/4725

As an example:
```
Nov  1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021]
[authz_core:error] [pid 3195941:tid 139935243814656] [client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: client denied by server
configuration: /var/www/www.mysite.to/www/xmlrpc.php
```

According to the RFC another format should be used
(https://datatracker.ietf.org/doc/html/rfc5952#section-6)
```
Nov  1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021]
[authz_core:error] [pid 3195941:tid 139935243814656] [client
ca00:6920:e180:c12c:ed3f:3024:d991:ec2e]:64833 AH01630: client denied by server
configuration: /var/www/www.mysite.to/www/xmlrpc.php
```

Thank you very much.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696

--- Comment #1 from Ruediger Pluem <rp...@apache.org> ---
@my peers / fellow developers: Any preference? Should we in case of an IPV6
address

1. Replace the ':' before the port with a '.'?
2. Replace the ':' before the port with a '#'?
3. Have the IPV6 address in [] and leave the ':'?



[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696

--- Comment #2 from Stefan Eissing <ic...@apache.org> ---
While the recommended style [ipv6]:port is clear, this will mess up any naive
log parser that chunks on "[]" pairs. The format reported seems to be our
generic log_remote_address() from server/log.c

I favour option 3, but in case we need to be careful with log parsers, I'd
choose option 2.



[Bug 65696] [authz_core] IPv6 addresses are logged in a not recommended format

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65696

--- Comment #3 from Yann Ylavic <yl...@gmail.com> ---
Hm, no parser would recognize 1. or 2., and 3. might break the default layout.
Do nothing? By default the last colon is for the port, which is always there..

Maybe handle a new ->arg letter for the ErrorLogFormat, e.g. 'x' which would
allow those who care to specify "%{x}A" or "%{x}a" or "%{cx}a"?

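Added example (not part of the bug thread, and not httpd or rsyslog code): a log-side parser that applies the "last colon is the port" rule from comment #3 to the layout httpd logs, also accepts the bracketed layout from the report, and zeroes the host bits of the address. The function names, the sample lines and the /24 and /48 prefix lengths are assumptions made for this illustration.

```python
import ipaddress
import re

# Client field in both layouts from the report:
#   [client ADDR:PORT]   (logged by httpd 2.4.51)
#   [client ADDR]:PORT   (layout the reporter asks for)
CLIENT_RE = re.compile(r"\[client\s+(?P<body>[^\]\s]+)\](?::(?P<port>\d+))?")


def split_client(line):
    """Return (address, port, bracketed) for an error-log line, or None."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    body, port = m.group("body"), m.group("port")
    bracketed = port is not None
    if not bracketed:
        # The port is always logged, so the last colon separates it from
        # the address, whether the address is IPv4 or IPv6.
        body, _, port = body.rpartition(":")
    try:
        addr = ipaddress.ip_address(body)
    except ValueError:
        return None
    if not re.fullmatch(r"[0-9]{1,5}", port) or int(port) > 65535:
        return None
    return addr, int(port), bracketed


def anonymize(line, v4_keep=24, v6_keep=48):
    """Zero the host bits of the client address; keep port and layout."""
    parsed = split_client(line)
    if parsed is None:
        return line
    addr, port, bracketed = parsed
    keep = v4_keep if addr.version == 4 else v6_keep  # assumed prefix lengths
    masked = ipaddress.ip_network(f"{addr}/{keep}", strict=False).network_address
    # Unbracketed output uses the exploded form so "::" never meets the port colon.
    field = f"[client {masked}]:{port}" if bracketed else f"[client {masked.exploded}:{port}]"
    return CLIENT_RE.sub(lambda _m: field, line, count=1)


# Constructed sample lines. SHORT shows the ambiguity: "2001:db8::1:8080"
# is itself a valid IPv6 address, so only the port rule tells them apart.
LEGACY = "[authz_core:error] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: client denied"
BRACKETED = "[authz_core:error] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e]:64833 AH01630: client denied"
SHORT = "[authz_core:error] [client 2001:db8::1:8080] AH01630: client denied"
```

Lines without a parsable client field are returned unchanged, so the function can be run over a whole error log.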