diff options
| author | Chris Pepper <pepper@apache.org> | 2003-04-09 04:08:21 +0000 |
|---|---|---|
| committer | Chris Pepper <pepper@apache.org> | 2003-04-09 04:08:21 +0000 |
| commit | 849ccfac040eb956c0c6fa3339d5ef8378aea100 (patch) | |
| tree | e9127fc75204e9ca43630822c8b85b7bd9b00458 /docs | |
| parent | 25189e690aa9f5ed42960b8b822c1ddf56764a51 (diff) | |
| download | httpd-849ccfac040eb956c0c6fa3339d5ef8378aea100.tar.gz | |
Clarify some wording.
Note this change (as previously written, it implied that 1.3.5
had this vulnerability, which is not true). I'm not sure if
"httpd 2.0" is the preferred name.
- <p>Note that in versions previous to 2.0.46 no escaping has been performed
+ <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from <code>%...r</code>, <code>%...i</code> and
<code>%...o</code>. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.</p>
- <p>For security reasons starting with 2.0.46 non-printable and
+ <p>For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
<code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are <code>"</code> and <code>\</code> which are escaped by prepending
- a backslash, and all whitespace characters that are written in their
- C-notation (<code>\n</code>, <code>\t</code> etc).</p>
+ a backslash, and all whitespace characters which are written in their
+ C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99302 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/manual/mod/mod_log_config.xml | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/docs/manual/mod/mod_log_config.xml b/docs/manual/mod/mod_log_config.xml index 3eb3cee991..d81cb48163 100644 --- a/docs/manual/mod/mod_log_config.xml +++ b/docs/manual/mod/mod_log_config.xml @@ -33,8 +33,8 @@ <p>The format argument to the <directive module="mod_log_config" >LogFormat</directive> and <directive module="mod_log_config" >CustomLog</directive> directives is a string. This string is - logged to the log file for each request. It can contain literal - characters copied into the log files and the c-type control + used to log each request to the log file. It can contain literal + characters copied into the log files and the C-style control characters "\n" and "\t" to represent new-lines and tabs. Literal quotes and back-slashes should be escaped with back-slashes.</p> @@ -185,20 +185,20 @@ "%!200,304,302{Referer}i" logs <code>Referer:</code> on all requests which did <em>not</em> return some sort of normal status.</p> - <p>Note that in versions previous to 2.0.46 no escaping has been performed + <p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed on the strings from <code>%...r</code>, <code>%...i</code> and <code>%...o</code>. This was mainly to comply with the requirements of the Common Log Format. This implied that clients could insert control characters into the log, so you had to be quite careful when dealing with raw log files.</p> - <p>For security reasons starting with 2.0.46 non-printable and + <p>For security reasons, starting with 2.0.46, non-printable and other special characters are escaped mostly by using <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for the hexadecimal representation of the raw byte. Exceptions from this rule are <code>"</code> and <code>\</code> which are escaped by prepending - a backslash, and all whitespace characters that are written in their - C-notation (<code>\n</code>, <code>\t</code> etc).</p> + a backslash, and all whitespace characters which are written in their + C-style notation (<code>\n</code>, <code>\t</code> etc).</p> <p>Some commonly used log format strings are:</p> @@ -272,7 +272,7 @@ characteristics using environment variables.</p> <p>The first argument, which specifies the location to which - the logs will be written, can take on one of the following two + the logs will be written, can take one of the following two types of values:</p> <dl> @@ -286,7 +286,7 @@ input. <note type="warning"><title>Security:</title> - <p>If a program is used, then it will be run under the user who + <p>If a program is used, then it will be run as the user who started httpd. This will be root if the server was started by root; be sure that the program is secure.</p> </note> @@ -316,8 +316,8 @@ CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b" </example> - <p>The third argument is optional and allows the decision on - whether or not to log a particular request to be based on the + <p>The third argument is optional and controls whether or + not to log a particular request based on the presence or absence of a particular variable in the server environment. If the specified <a href="../env.html">environment variable</a> is set for the request (or is not set, in the case @@ -357,7 +357,7 @@ this directive sets the log format which will be used by logs specified in subsequent <directive>TransferLog</directive> directives. The single argument can specify an explicit - <var>format</var> as discussed in <a href="#formats">custom log + <var>format</var> as discussed in the <a href="#formats">custom log formats</a> section above. Alternatively, it can use a <var>nickname</var> to refer to a log format defined in a previous <directive>LogFormat</directive> directive as described @@ -375,7 +375,7 @@ it the default. Therefore, it will not affect subsequent <directive module="mod_log_config">TransferLog</directive> directives. In addition, <directive>LogFormat</directive> cannot use one nickname - to define another nickname. Note, that the nickname should not contain + to define another nickname. Note that the nickname should not contain percent signs (<code>%</code>).</p> <example><title>Example</title> @@ -398,7 +398,7 @@ to be specified explicitly or for conditional logging of requests. Instead, the log format is determined by the most recently specified <directive module="mod_log_config">LogFormat</directive> directive - (which does not define a nickname). Common Log Format is used if no + which does not define a nickname. Common Log Format is used if no other format has been specified.</p> <example><title>Example</title> |