Ping a Specific Port

Question

Mark McDonald

Asked: 2012-10-04 23:33:09 +0800 CST2012-10-04 23:33:09 +0800 CST 2012-10-04 23:33:09 +0800 CST

Is there a way to get Apache to blank sensitive data from logs?

772

We're trying to clean up one of our systems as much as possible & have found that despite our attempts to block, users are accessing a certain part of our system through a HTTP GET with their password in the URL. This results in our Apache logs recording their password in plain text on the server.

Is there an Apache directive or module that can filter out (or replace) certain patterns in its logs?

1 Answers

Voted

Zoredache · Answer 1 · 2012-10-04T23:45:04+08:00

Best Answer

Zoredache

2012-10-04T23:45:04+08:002012-10-04T23:45:04+08:00

Create a LogFormat that has the details you want and then apply it to that virtual host, or the entire web server as desired.

If you need to filter out even more information, then use Apaches ability to write its logs to a pipe instead of a file. Hack yourself up some quick script that applies some regex or whatever to filter out whatever you like.

3

Is there a way to get Apache to blank sensitive data from logs?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?