Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-57887

Support nginx and other webservers for logging of username in access logs

XMLWordPrintable

    • MOODLE_33_STABLE
    • MOODLE_33_STABLE
    • MDL-57887-nginx-username-logging
    • Hide

      Under apache setup your CustomLog to be:

      LogFormat "%h %l -- %{MOODLEUSER}n -- %t \"%r\" %s %b " moodle
      CustomLog  ${APACHE_LOG_DIR}/access.log moodle
      

      and then confirm that all of the 3 old settings still work as they should:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
      

      Now simulate how this could work in nginx or any other webserver, by serving an extra header and log that instead:

      LogFormat "%h %l -- %{X-MOODLEUSER}o -- %t \"%r\" %s %b " moodle
      CustomLog ${APACHE_LOG_DIR}/access.log moodle
      

      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
      

      You and also test this directly in your browser and see that the X-MOODLEUSER header is coming through on all requests that are authenticated. In production you'd probably strip these out so they never make it to the browser but out of scope for testing here.

      Show
      Under apache setup your CustomLog to be: LogFormat "%h %l -- %{MOODLEUSER}n -- %t \"%r\" %s %b " moodle CustomLog ${APACHE_LOG_DIR}/access.log moodle and then confirm that all of the 3 old settings still work as they should: $CFG->apacheloguser = 1; $CFG->apacheloguser = 2; $CFG->apacheloguser = 3; Now simulate how this could work in nginx or any other webserver, by serving an extra header and log that instead: LogFormat "%h %l -- %{X-MOODLEUSER}o -- %t \"%r\" %s %b " moodle CustomLog ${APACHE_LOG_DIR}/access.log moodle $CFG->headerloguser = 1; $CFG->headerloguser = 2; $CFG->headerloguser = 3; You and also test this directly in your browser and see that the X-MOODLEUSER header is coming through on all requests that are authenticated. In production you'd probably strip these out so they never make it to the browser but out of scope for testing here.

      Moodle supports logging the username under apache via the $CFG->apacheloguser mechanism using the apache_note() function. Make this a bit more generic to support any webserver by alternatively sending this as a custom header which can be logged and stripped out if needed.

      eg these would all work:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
       
      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
      

            brendanheywood Brendan Heywood
            brendanheywood Brendan Heywood
            Jake Dallimore Jake Dallimore
            Dan Poltawski Dan Poltawski
            Mathieu Petit-Clair Mathieu Petit-Clair
            Votes:
            2 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.