Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-57887

Support nginx and other webservers for logging of username in access logs

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Under apache setup your CustomLog to be:

      LogFormat "%h %l -- %{MOODLEUSER}n -- %t \"%r\" %s %b " moodle
      CustomLog  ${APACHE_LOG_DIR}/access.log moodle
      

      and then confirm that all of the 3 old settings still work as they should:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
      

      Now simulate how this could work in nginx or any other webserver, by serving an extra header and log that instead:

      LogFormat "%h %l -- %{X-MOODLEUSER}o -- %t \"%r\" %s %b " moodle
      CustomLog ${APACHE_LOG_DIR}/access.log moodle
      

      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
      

      You and also test this directly in your browser and see that the X-MOODLEUSER header is coming through on all requests that are authenticated. In production you'd probably strip these out so they never make it to the browser but out of scope for testing here.

      Show
      Under apache setup your CustomLog to be: LogFormat "%h %l -- %{MOODLEUSER}n -- %t \"%r\" %s %b " moodle CustomLog ${APACHE_LOG_DIR}/access.log moodle and then confirm that all of the 3 old settings still work as they should: $CFG->apacheloguser = 1; $CFG->apacheloguser = 2; $CFG->apacheloguser = 3; Now simulate how this could work in nginx or any other webserver, by serving an extra header and log that instead: LogFormat "%h %l -- %{X-MOODLEUSER}o -- %t \"%r\" %s %b " moodle CustomLog ${APACHE_LOG_DIR}/access.log moodle $CFG->headerloguser = 1; $CFG->headerloguser = 2; $CFG->headerloguser = 3; You and also test this directly in your browser and see that the X-MOODLEUSER header is coming through on all requests that are authenticated. In production you'd probably strip these out so they never make it to the browser but out of scope for testing here.
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-57887-nginx-username-logging

      Description

      Moodle supports logging the username under apache via the $CFG->apacheloguser mechanism using the apache_note() function. Make this a bit more generic to support any webserver by alternatively sending this as a custom header which can be logged and stripped out if needed.

      eg these would all work:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
       
      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
      

        Attachments

          Activity

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/May/17