Bug 65696 - [authz_core] IPv6 addresses are logged in a not recommended format
Summary: [authz_core] IPv6 addresses are logged in a not recommended format
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_core (show other bugs)
Version: 2.4.51
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-22 09:25 UTC by shadow
Modified: 2021-12-01 13:35 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description shadow 2021-11-22 09:25:20 UTC 
Dear apache team, first of all thank you for awesome piece of software. 

I would like to submit the following bug. IPv6 addresses logged by the authz_core module seem to be logged in a non recommended format ( [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] ). This makes it hard for rsyslog to anonymize the logs, because due to the :, it can't distinguish where the IPv6 address ends. 

According to the RFC this format should be used (https://datatracker.ietf.org/doc/html/rfc5952#section-6)

This is already fixed in a next version of rsyslog, but I found it worthy to mention it here, so you might address this in apache2.

See the corresponding bug and bugfix in rsyslog mmanon module: https://github.com/rsyslog/rsyslog/issues/4725

As an example:
```
Nov  1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021] [authz_core:error] [pid 3195941:tid 139935243814656] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e:64833] AH01630: client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php`
```

According to the RFC another format should be used (https://datatracker.ietf.org/doc/html/rfc5952#section-6)
```
Nov  1 16:35:44 webserver apache: [Mon Nov 01 16:35:44.705418 2021] [authz_core:error] [pid 3195941:tid 139935243814656] [client ca00:6920:e180:c12c:ed3f:3024:d991:ec2e]:64833 AH01630: client denied by server configuration: /var/www/www.mysite.to/www/xmlrpc.php`
```

Thank you very much.
Comment 1 Ruediger Pluem 2021-12-01 11:43:37 UTC 
@my peers / fellow developers: Any preference? Should we in case of an IPV6 address

1. Replace the ':' before the port with a '.'?
2. Replace the ':' before the port with a '#'?
3. Have the IPV6 address in [] and leave the ':'?
Comment 2 Stefan Eissing 2021-12-01 12:43:32 UTC 
While the recommended style [ipv6]:port is clear, this will mess up any naive log parser that chunks on "[]" pairs. The format reported seems to be our generic log_remote_address() from server/log.c

I favour option 3, but in case we need to be careful with log parsers, I'd choose option 2.
Comment 3 Yann Ylavic 2021-12-01 13:35:58 UTC 
Hm, no parser would recognize 1. or 2., and 3. might break the default layout.
Do nothing? By default the last colon is for the port, which is always there..

Maybe handle a new ->arg letter for the ErrorLogFormat, e.g. 'x' which would allow those who care to specify "%{x}A" or "%{x}a" or "%{cx}a"?