Replies: 1 comment
-
|
Have you been able to come up with a solution? I encounter the exact same problem with the ErrorLogFormat. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Background
I use Apache ErrorLogFormat to output error messages in JSON format. Unfortunately when the message itself is JSON, the double quotes in the payload are not escaped and I end up with invalid JSON.
httpd.conf
ErrorLogFormat '{ "timestamp": "%{u}t", "module": "%-m", "message": "%M" }'
When Apache is run in debug mode, mod_auth_openidc writes the following into the ErrorLog:
oidc_http_request: response={ JSON Payload }
And so with ErrorLogFormat set as above, AND with mod_auth_openidc debugging enabled...
error_log snippet
{ "timestamp": "Fri Sep 27 11:20:42.838013 2024", "module": "auth_openidc", "message": "oidc_http_request: response={\n "issuer" : "https://OP/ID/as",\n "authorization_endpoint" : "https://OP/ID/as/authorize",\n "pushed_authorization_request_endpoint" : "https://OP/ID/as/par",\n}'
i.e. invalid JSON
Annoyingly the Apache error logger does NOT escape any double quotes, it even has an explicit comment that it won't do this!
oidc_debug > ap_log_error > log_error_core > do_errorlog_format > apr_vsnprintf > ap_escape_errorlog_item
which has the comment:
case '"': /* no need for this in error log */
I also tried using a piped logger to handle the raw message; this is even worse: Apache strips out the \ from the \n in the error message (the JSON payload in this case) first!
Is there anything that can be set to ensure that the message being sent to the Apache error logger is fully escaped ?
NB: this appears to be specific to the %M field in the ErrorLogFormat only
Similar discussion at: GrahamDumpleton/mod_wsgi#350
Beta Was this translation helpful? Give feedback.
All reactions