Moodle / MDL-57887

Support nginx and other webservers for logging of username in access logs


Details

    • MOODLE_33_STABLE
    • MOODLE_33_STABLE
    • MDL-57887-nginx-username-logging

      Under Apache, set up your CustomLog to be:

      LogFormat "%h %l -- %{MOODLEUSER}n -- %t \"%r\" %s %b " moodle
      CustomLog  ${APACHE_LOG_DIR}/access.log moodle
      

      and then confirm that all of the 3 old settings still work as they should:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
      

      Now simulate how this could work in nginx or any other webserver, by serving an extra header and log that instead:

      LogFormat "%h %l -- %{X-MOODLEUSER}o -- %t \"%r\" %s %b " moodle
      CustomLog ${APACHE_LOG_DIR}/access.log moodle
      

      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
      

      You can also test this directly in your browser and see that the X-MOODLEUSER header is coming through on all requests that are authenticated. In production you'd probably strip these out so they never make it to the browser, but that is out of scope for testing here.


    Description

      Moodle supports logging the username under apache via the $CFG->apacheloguser mechanism using the apache_note() function. Make this a bit more generic to support any webserver by alternatively sending this as a custom header which can be logged and stripped out if needed.

      e.g. these would all work:

      $CFG->apacheloguser = 1;
      $CFG->apacheloguser = 2;
      $CFG->apacheloguser = 3;
       
      $CFG->headerloguser = 1;
      $CFG->headerloguser = 2;
      $CFG->headerloguser = 3;
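
An nginx counterpart to the Apache test setup above, as an added example that is not part of the original issue or the Moodle code base: it logs the X-MOODLEUSER response header and strips it before it reaches the browser. It assumes PHP-FPM behind nginx with `$CFG->headerloguser` set; the server name, socket path and log path are placeholders.

```nginx
# Added example (not from the issue): log X-MOODLEUSER in nginx and hide it from clients.
# Assumes $CFG->headerloguser is set in config.php. Paths and names are placeholders.

events {}

http {
    # Same field layout as the Apache "moodle" LogFormat in the testing instructions.
    # $upstream_http_x_moodleuser is the header as PHP-FPM returned it, so it is
    # still populated when the header is hidden from the client below.
    # $sent_http_x_moodleuser would be empty once the header is hidden.
    # Requests that carry no such header are logged with "-" in that field.
    log_format moodle '$remote_addr - -- $upstream_http_x_moodleuser -- '
                      '[$time_local] "$request" $status $body_bytes_sent';

    server {
        listen 80;
        server_name moodle.example.test;          # placeholder
        root /var/www/moodle;                     # placeholder
        index index.php;

        access_log /var/log/nginx/moodle_access.log moodle;

        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket

            # Strip the username header so it never reaches the browser.
            fastcgi_hide_header X-MOODLEUSER;
        }
    }
}
```

When nginx proxies to another web server instead of PHP-FPM, `proxy_hide_header X-MOODLEUSER;` is the equivalent directive for stripping the header.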
      

            People

              brendanheywood Brendan Heywood
              brendanheywood Brendan Heywood
              Jake Dallimore Jake Dallimore
              Dan Poltawski Dan Poltawski
              Mathieu Petit-Clair Mathieu Petit-Clair
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

              Dates

                Created:
                Updated:
                Resolved:
                15/May/17