Skip to content

Use standard httpd logging format in error log #3192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 12, 2024
Merged

Use standard httpd logging format in error log #3192

merged 5 commits into from
Aug 12, 2024

Conversation

marcstern
Copy link

@marcstern marcstern commented Jul 22, 2024
edited
Loading

All credits to @arminabf - see #1997

Use the server context, like in all other places to use standard httpd format.

Remark: We previously had a mix; some entries were using the standard httpd format, some not.
Entries using the standard httpd format had the [client] field duplicated.
In this PR, we use standard logging for all lines and remove the duplicated field.
Actual changes:

  • entries that were not using the standard format will use it
  • entries that were using the standard format won't have the [client] field duplicated anymore

Remove redundant entry
0be1f15 
[client %s] is added by the standard httpd log function => remove it
@fzipi
Copy link
Contributor

fzipi commented Jul 31, 2024

Is there a way to actually test this change?

@theseion
Copy link
Collaborator

theseion commented Aug 1, 2024

Sounds good, but I'm with @fzipi. From the code it's not clear what the output will be. Does the [client] field still contain the same IP address that ModSecurity would have injected in every case?

@marcstern
Copy link
Author

Sounds good, but I'm with @fzipi. From the code it's not clear what the output will be. Does the [client] field still contain the same IP address that ModSecurity would have injected in every case?

Yes, same logic: useragent_ip if present, client_ip otherwise

@marcstern
Copy link
Author

Code from httpd log.c

if (info->r) {
    len += apr_snprintf(buf + len, buflen - len,
                        info->r->connection->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
                        info->r->useragent_ip,
                        info->r->useragent_addr ? info->r->useragent_addr->port : 0);
}
else if (info->c) {
    len += apr_snprintf(buf + len, buflen - len,
                        info->c->sbh ? "[client %s:%d] " : "[remote %s:%d] ",
                        info->c->client_ip,
                        info->c->client_addr ? info->c->client_addr->port : 0);
}

@theseion
Copy link
Collaborator

theseion commented Aug 2, 2024

That's good. But a test that asserts the log format would be even better.

@marcstern marcstern added the 2.x Related to ModSecurity version 2.x label Aug 7, 2024
@marcstern
Copy link
Author

I added some tests

@theseion
Copy link
Collaborator

theseion commented Aug 7, 2024

Thanks, that's great. @airween, isn't there a test suite for ModSecurity where the test could be added?

airween
airween requested changes Aug 7, 2024
View reviewed changes
@airween
Copy link
Member

airween commented Aug 7, 2024

Thanks, that's great. @airween, isn't there a test suite for ModSecurity where the test could be added?

Unfortunately no, there isn't.

We have only this CI:

And as @marcstern wrote, he added a test (but I'm not sure that's what we expect - I'm waiting for Marc's answer).

But as I introduced few weeks ago, there is MRTS, where the aim is to create a full covered test suite. Feel free to review and contribute! 😄

Define _FORTIFY_SOURCE=3 & _GLIBCXX_ASSERTIONS that add glibc/libstdc…
d704af6 
…++ assertions.

See https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html & https://gcc.gnu.org/wiki/LibstdcxxDebugMode

_GLIBCXX_ASSERTIONS is probably useless as we have pure C here, but let's define it in case some checks are included (or will be in a future version).
As we handle some requests here, that may help to trap a problem.
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Aug 8, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@airween airween merged commit 935e68c into owasp-modsecurity:v2/master Aug 12, 2024
41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@airween airween airween approved these changes

Assignees

@airween airween

Labels
2.x Related to ModSecurity version 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marcstern @fzipi @theseion @airween