Wednesday Jan 28, 2009

How to truncate the request URL written to the Web Server 6.1 access log.

Q:  How can I trim the request line written to the access logs so that the whole
    URL is not written but only a piece?

    This can be an important consideration where there is the possibility that
    sensitive data such as a password may be written to the log files in
    clear text.

Example line written to the access log:

135.155.56.162 - - [26/Jan/2009:20:53:04 -0500] "GET
/US/ABC/signon/DisplayUsernameSignon.do?password=nevershowthis

and here is what we would like to see:

/US/ABC/signon/DisplayUsernameSignon.do

A:  To accomplish this for a single particular URL such as the one listed, the
    following can be used:

<Object ppath="*(*/ABC/sign/DisplayUsernameSignon.do*)">
AuthTrans fn="set-variable" set-reqpb="clf-request=/ABC/sign/DisplayUsername.do"
</Object>


The above has the effect of rewriting the clf-request in the access logs
to change it to just /JSO/sign/DisplayUsername.do.

This solution will work for one particular URL, but doing this for all URLs
would require the creation of an NSAPI filter.
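
The obj.conf rule only changes what is logged from then on, for the one matching URL; entries already in the access log still carry the query string. As an added example (not from the original post and not Sun code), the Python below strips the query string from the request field of existing Common Log Format lines and reports the names, never the values, of the parameters it removed. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Quoted request field of a Common Log Format line: "METHOD target[ PROTOCOL]"
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)(?P<proto> HTTP/[\d.]+)?"')

def scrub_line(line):
    """Return (line without the query string, names of the removed parameters)."""
    m = REQUEST_RE.search(line)
    if not m or "?" not in m.group("target"):
        return line, []                      # nothing to redact
    path, _, query = m.group("target").partition("?")
    # Keep only the parameter names so the report itself leaks no values.
    names = [p.split("=", 1)[0] for p in re.split(r"[&;]", query) if p]
    request = '"%s %s%s"' % (m.group("method"), path, m.group("proto") or "")
    return line[:m.start()] + request + line[m.end():], names

def scrub_log(lines):
    """Scrub every line; return (scrubbed lines, Counter of parameter names)."""
    seen = Counter()
    out = []
    for line in lines:
        clean, names = scrub_line(line)
        seen.update(names)
        out.append(clean)
    return out, seen

# Constructed sample entries, modelled on the request shown in the post.
SAMPLE = [
    '192.0.2.10 - - [26/Jan/2009:20:53:04 -0500] "GET '
    '/US/ABC/signon/DisplayUsernameSignon.do?password=nevershowthis HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Jan/2009:20:53:09 -0500] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.12 - - [26/Jan/2009:20:54:00 -0500] "POST '
    '/app/search.do?q=test&user=alice HTTP/1.0" 302 0',
]

if __name__ == "__main__":
    cleaned, params = scrub_log(SAMPLE)
    for entry in cleaned:
        print(entry)
    print("parameters removed:", dict(params))
```

The parameter-name report shows which URLs were putting data such as `password` into the query string, which helps decide where an `<Object>` rule like the one above is needed.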

Tuesday Dec 30, 2008

Is there a way to dynamically set the "Expires" header using WebServer 6.1?

Q: Is there a way to dynamically set the "Expires" header using WebServer 6.1?

A: The answer is "yes" and "no".  Out of the box, this functionality
   is not available for Web Server Version 6.1 (or earlier releases
   for that matter).  A blog site at SUN however does reference some
   other sites that outline how to do this via a customized approach.
   Please see:

   http://blogs.sun.com/walter/entry/nsapi_code_to_add_expires

   ...and note that any undertaking based upon these notes is entirely
   at the risk of the person doing so.  SUN does not support this officially.

   It is also possible to set the Expires header to a static date under
   Web Server 6.1 by doing the following in the obj.conf file under the default object:

   Output type="image/*" fn="set-variable" set-srvhdrs="Expires: Mon, 29 Dec 2008 0:00:00 GMT"

   Important Note:

   At Web Server release 7.x this functionality is built in to the webserver!

   For reference, please see the following link:

   http://docs.sun.com/app/docs/doc/820-6599/gbywa?l=en&a=view

Wednesday Nov 19, 2008

WebServer can log the end client browser's SSL capabilities in the log file

This is pretty nifty....

Apparently, the Sun WebServer can log the end client browser's encryption capabilities.  The information is picked up during the SSL handshake.

The %Ses->client.secret-keysize% token logs the browser's encryption capability in the access log.  This would be added to the format line of the access log (it's the top line).


About

Gregory Bedigian
