Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Is this possible to log username and password passed by GET? |
|
| Author |
|
marcins
Joined: 22 Jan 2015
Posts: 1
|
 Posted: Thu 22 Jan '15 23:38 Post subject: Is this possible to log username and password passed by GET? |
 |
|
Hi
Is this possible to log username and password passed by GET request for basic authentication?
I generate link to some part of my website by http://user:pass@myserver.com/secretcontent
It works without any problems for 90% users but some of them got information that there is password mismatch.
So I would like to log all request with information about passed login and password in text plain.
Regards |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 23 Jan '15 2:01 Post subject: |
|
|
You can log the Authorization header in the access log.
add to your LogFormat line in httpd.conf:
%{Authorization}i
When a user logs in you will see this in your access log
::1 - fred [22/Jan/2015:15:46:32 -0800] "GET /protected/ HTTP/1.1" 200 681 "Basic ZnJlZDpmbGludFN0b25l"
the ZnJlZDpmbGludFN0b25l is the username:password encoded in base64, just decode it. If you decode the one above, it will decode to:
fred:flintStone ... flintStone being the password |
|
| Back to top |
|
|
|
|
|
|
