Preventing an Apache 2 Server from Logging Sensitive Data

Apache 2 by default logs the entire request URI including query string of every request.

What is a straightforward way to prevent an Apache 2 web server from logging sensitive data, for example passwords, credit card numbers, etc., but still log the rest of the request?

I would like to log all log-in attempts including the attempted username as Apache does by default, and prevent Apache from logging the password directly.

I have looked through the Apache 2 documentation and there doesn't appear to be an easy way to do this other than completely preventing logging of these requests (using SetEnvIf).

How can I accomplish this?


Solution 1:

Apache 2 by default logs the entire request URI including query string of every request.

What is a straightforward way to prevent an Apache 2 web server from logging sensitive data, for example passwords, credit card numbers, etc., but still log the rest of the request?

Am I reading right that you are sending sensitive information in the URI as a query string? I would suggest changing the application so it does not do so in the first place.

Then there would be no requirement to change Apache, since it does not do any such thing by default.

Solution 2:

You can mask the passwords before they end up in access.log by combining a CustomLog directive with a bit of sed magic (as instructed in https://stackoverflow.com/a/9473943/102170):

This would replace every occurrence of password=secret with password=[FILTERED] in /your/path/access.log:

CustomLog "|/bin/sed -u -E s/'password=[^& \t\n]*'/'password=\[FILTERED\]'/g >> /your/path/access.log" combined

That being said, it would be best to avoid putting sensitive data in the query strings if possible.
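The piped-log idea above, as an added example that is not part of the answer or of Apache itself: a small stdin-to-stdout filter script that masks the values of several sensitive query-string parameters at once, run here over three constructed access-log lines in the combined format. The parameter names in SENSITIVE_PARAMS, the sample lines and the function names are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: mask sensitive query-string values in Apache access-log lines.
# The parameter names are assumptions; extend the list for your application.
SENSITIVE_PARAMS='password|passwd|pwd|card|cvv|token'

# Read log lines on stdin, write masked lines on stdout.
# A sensitive name is only matched directly after '?' or '&', so "q=password+reset"
# (a search term) or "old_password=" are left alone; the value is consumed up to
# the next '&', whitespace, or the closing quote of the request line.
scrub_log() {
    sed -E "s/([?&](${SENSITIVE_PARAMS})=)[^&[:space:]\"]*/\1[FILTERED]/g"
}

# Constructed sample lines (combined log format) for the demonstration.
SAMPLE_LOG='192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2000:13:56:01 -0700] "GET /pay?card=4111111111111111&cvv=123&amount=10 HTTP/1.1" 200 512 "-" "curl/7.88"
192.0.2.12 - - [10/Oct/2000:13:57:12 -0700] "GET /search?q=password+reset HTTP/1.1" 200 128 "-" "Mozilla/5.0"'

# Run the filter over the sample and return the masked lines.
scrub_sample() {
    printf '%s\n' "$SAMPLE_LOG" | scrub_log
}

scrub_sample
```

Saved as an executable script, it can sit in the same place as the sed one-liner in the answer, e.g. CustomLog "|/usr/local/bin/scrub_log.sh >> /your/path/access.log" combined (path assumed). Two practical points: GNU sed's -u (unbuffered) flag, used in the answer, matters in piped mode so that lines are not held in a buffer if httpd stops; and the username (user=alice) survives the filter, which is what the question asked for, while the password, card number and CVV do not.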

Solution 3:

You read up on the difference between GET and POST and rewrite your applications to stop putting passwords and info in GET parameters.