fix: timestamp uses r->request_time; remove unparsed_uri, fragment from architecture

- FIX: timestamp JSON field now uses r->request_time (set at request reception
  by Apache) instead of apr_time_now() called during log processing
- DOC: remove unparsed_uri and fragment fields from architecture.yml data model
  (these fields are not logged by the module)
- DOC: update example_full and timestamp description in architecture.yml

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toto
2026-03-05 14:42:00 +01:00
parent ae933fcf5a
commit 54d210978f
3 changed files with 10 additions and 18 deletions


@ -98,7 +98,7 @@ module:
description: >
Wall-clock timestamp in microseconds since Unix epoch, expressed
as nanoseconds for compatibility (multiplied by 1000).
Note: apr_time_now() returns microseconds with microsecond precision.
Uses r->request_time (set by Apache at request reception).
The nanosecond representation is for API compatibility only.
example: 1708948770000000000
- name: scheme
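Review bot: The timestamp description never states which moment is recorded: it still opens with "Wall-clock timestamp in microseconds since Unix epoch, expressed as nanoseconds", and the r->request_time line is only appended in the middle. Now that the source has changed, the first sentence should say the value is the request reception time rather than the time the log entry was produced. It is also worth documenting whether the separate time field is derived from the same r->request_time, so consumers correlating the two fields know whether they can differ within one record.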
@ -120,12 +120,6 @@ module:
- name: method
type: string
example: "GET"
- name: unparsed_uri
type: string
description: >
Raw, uncleaned URI exactly as requested by the client (r->unparsed_uri).
Essential for detecting Path Traversal or bot anomalies before Apache normalizes it.
example: "//dossier/../api/users"
- name: path
type: string
description: Cleaned and normalized path (r->parsed_uri.path).
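Review bot: The path entry needs a caveat now that unparsed_uri is removed just above it. The only path field left in the data model is documented as "Cleaned and normalized path (r->parsed_uri.path)", while the removed text described the raw URI as essential for detecting path traversal before Apache normalizes it. Suggest adding a sentence to the path description stating that the raw request URI is not logged, so inputs like the removed example "//dossier/../api/users" may not be distinguishable in the output and detection consumers do not assume raw-URI coverage.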
@ -137,12 +131,6 @@ module:
Does not include the leading '?'. Allows detection of payloads like
SQLi or XSS passed in GET requests.
example: "id=1%20UNION%20SELECT"
- name: fragment
type: string
description: >
Fragment component from the parsed URI (r->parsed_uri.fragment).
Does not include the leading '#'.
example: "section1"
- name: host
type: string
example: "example.com"
@ -174,7 +162,7 @@ module:
header_X-Request-Id: "abcd-1234"
header_User-Agent: "curl/7.70.0"
example_full: |
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","unparsed_uri":"//api/users?id=1#section","path":"/api/users","query":"id=1","fragment":"section","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","path":"/api/users","query":"id=1","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
configuration:
scope: global
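Review bot: In the updated example_full line, "time":"2026-02-26T11:59:30Z" and "timestamp":1708948770000000000 do not describe the same instant: 1708948770 seconds after the Unix epoch is 2024-02-26T11:59:30Z, two years earlier. Since this commit is about timestamp correctness, make the pair consistent, either by changing time to 2024-02-26T11:59:30Z or by updating timestamp (and the standalone example value in the timestamp field entry) to the 2026 equivalent.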