Dear Apache team,

first of all, thank you for an awesome piece of software. I would like to submit the following bug.

IPv6 addresses logged by the authz_core module seem to be logged in a non-recommended format ( [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] ). This makes it hard for rsyslog to anonymize the logs, because due to the :, it can't distinguish where the IPv6 address ends. According to the RFC this format should be used (https://datatracker.ietf.org/doc/html/rfc5952#section-6)

This is already fixed in a next version of rsyslog, but I found it worth mentioning here, so you might address this in apache2. See the corresponding bug and bugfix in the rsyslog mmanon module: https://github.com/rsyslog/rsyslog/issues/4725

As an example:

```
Nov 1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021] [authz_core:error] [pid 3195941:tid 139935243814656] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php
```

According to the RFC another format should be used (https://datatracker.ietf.org/doc/html/rfc5952#section-6)

```
Nov 1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021] [authz_core:error] [pid 3195941:tid 139935243814656] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e]:64833 AH01630: client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php
```

Thank you very much.

@my peers / fellow developers: Any preference? Should we, in case of an IPv6 address:

1. Replace the ':' before the port with a '.'?
2. Replace the ':' before the port with a '#'?
3. Have the IPv6 address in [] and leave the ':'?

While the recommended style [ipv6]:port is clear, this will mess up any naive log parser that chunks on "[]" pairs. The format reported seems to be our generic log_remote_address() from server/log.c.

I favour option 3, but in case we need to be careful with log parsers, I'd choose option 2.

Hm, no parser would recognize 1. or 2., and 3. might break the default layout. Do nothing? By default the last colon is for the port, which is always there. Maybe handle a new ->arg letter for the ErrorLogFormat, e.g. 'x' which would allow those who care to specify "%{x}A" or "%{x}a" or "%{cx}a"?
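
The last-colon rule from the comment above, as an added Python example that is not part of the original thread or of httpd: it splits the `[client …]` field of the reported log line, re-emits the endpoint in the RFC 5952 `[addr]:port` form, and masks the host bits. The function names and the /24 and /64 masking policy are assumptions of this example.

```python
import ipaddress
import re

# "[client <addr>:<port>]" as it appears in the error-log line from the report.
CLIENT_FIELD = re.compile(r"\[client (?P<hostport>[^\]\s]+)\]")
# Assumed anonymization policy for this example: keep only the network prefix.
KEEP_BITS = {4: 24, 6: 64}


def split_client(hostport):
    """Split on the LAST colon: the port is always present, so this is unambiguous."""
    addr, sep, port = hostport.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"no trailing port in {hostport!r}")
    return ipaddress.ip_address(addr), int(port)  # ValueError on a bad address


def rfc5952_endpoint(ip, port):
    """RFC 5952 section 6 style: brackets around IPv6 when a port follows."""
    return f"[{ip}]:{port}" if ip.version == 6 else f"{ip}:{port}"


def anonymize(ip):
    """Zero the host bits according to KEEP_BITS (hypothetical policy)."""
    net = ipaddress.ip_network(f"{ip}/{KEEP_BITS[ip.version]}", strict=False)
    return net.network_address


def client_endpoints(line):
    """Return (original, anonymized) endpoint strings, or None if nothing parses."""
    m = CLIENT_FIELD.search(line)
    if not m:
        return None
    try:
        ip, port = split_client(m.group("hostport"))
    except ValueError:
        return None
    return rfc5952_endpoint(ip, port), rfc5952_endpoint(anonymize(ip), port)


# Log line taken from the report above.
SAMPLE = (
    "[Mon Nov 01 16:35:44.705418 2021] [authz_core:error] "
    "[pid 3195941:tid 139935243814656] "
    "[client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] "
    "AH01630: client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php"
)

if __name__ == "__main__":
    print(client_endpoints(SAMPLE))
```

The split is only safe because the port is always logged; an address written without a port would have its last group taken as the port.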