I have an nginx server that logs POST $request_body to a file. When I post json to the server, it replaces quotes (") with \x22.
My config looks like this
server {
server_name myServer;
listen 8180;
log_format logMyServer '$request_body';
location /myServer {
access_log /var/log/nginx/request_bodies.log logMyServer;
proxy_pass http://127.0.0.1:8000/;
break;
}
}
Here is how I'm generating the request:
curl -H "Content-Type: application/json" -X POST -d '{"some":{"foo":"bar"}}' localhost:8180/myServer/
My questions are:
- What kind of encoding is \x[number]?
- Is there a way I can configure the logging to include quotes instead of \x22?
\x[number] indicates hexadecimal. Quotes throw off log analyzers (mostly ones that assume that it'll be using apache's Common Log Format which surrounds requests with quotes in order to keep the method, url, and version together). It looks like someone complained about the quotes, which (along with the terminal escape injection vulnerability) is what led to the escaping. It looks like the patch never got modified to let you turn it off.
You'll need to parse them out on your end. You can replace \x with % to match URL-encoding, or just do the hex conversion yourself.