fix: timestamp uses r->request_time; remove unparsed_uri, fragment from architecture
- FIX: timestamp JSON field now uses r->request_time (set at request reception by Apache) instead of apr_time_now() called during log processing - DOC: remove unparsed_uri and fragment fields from architecture.yml data model (these fields are not logged by the module) - DOC: update example_full and timestamp description in architecture.yml Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
@ -98,7 +98,7 @@ module:
|
|||||||
description: >
|
description: >
|
||||||
Wall-clock timestamp in microseconds since Unix epoch, expressed
|
Wall-clock timestamp in microseconds since Unix epoch, expressed
|
||||||
as nanoseconds for compatibility (multiplied by 1000).
|
as nanoseconds for compatibility (multiplied by 1000).
|
||||||
Note: apr_time_now() returns microseconds with microsecond precision.
|
Uses r->request_time (set by Apache at request reception).
|
||||||
The nanosecond representation is for API compatibility only.
|
The nanosecond representation is for API compatibility only.
|
||||||
example: 1708948770000000000
|
example: 1708948770000000000
|
||||||
- name: scheme
|
- name: scheme
|
||||||
@ -120,12 +120,6 @@ module:
|
|||||||
- name: method
|
- name: method
|
||||||
type: string
|
type: string
|
||||||
example: "GET"
|
example: "GET"
|
||||||
- name: unparsed_uri
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
Raw, uncleaned URI exactly as requested by the client (r->unparsed_uri).
|
|
||||||
Essential for detecting Path Traversal or bot anomalies before Apache normalizes it.
|
|
||||||
example: "//dossier/../api/users"
|
|
||||||
- name: path
|
- name: path
|
||||||
type: string
|
type: string
|
||||||
description: Cleaned and normalized path (r->parsed_uri.path).
|
description: Cleaned and normalized path (r->parsed_uri.path).
|
||||||
@ -137,12 +131,6 @@ module:
|
|||||||
Does not include the leading '?'. Allows detection of payloads like
|
Does not include the leading '?'. Allows detection of payloads like
|
||||||
SQLi or XSS passed in GET requests.
|
SQLi or XSS passed in GET requests.
|
||||||
example: "id=1%20UNION%20SELECT"
|
example: "id=1%20UNION%20SELECT"
|
||||||
- name: fragment
|
|
||||||
type: string
|
|
||||||
description: >
|
|
||||||
Fragment component from the parsed URI (r->parsed_uri.fragment).
|
|
||||||
Does not include the leading '#'.
|
|
||||||
example: "section1"
|
|
||||||
- name: host
|
- name: host
|
||||||
type: string
|
type: string
|
||||||
example: "example.com"
|
example: "example.com"
|
||||||
@ -174,7 +162,7 @@ module:
|
|||||||
header_X-Request-Id: "abcd-1234"
|
header_X-Request-Id: "abcd-1234"
|
||||||
header_User-Agent: "curl/7.70.0"
|
header_User-Agent: "curl/7.70.0"
|
||||||
example_full: |
|
example_full: |
|
||||||
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","unparsed_uri":"//api/users?id=1#section","path":"/api/users","query":"id=1","fragment":"section","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
|
{"time":"2026-02-26T11:59:30Z","timestamp":1708948770000000000,"scheme":"https","src_ip":"192.0.2.10","src_port":45678,"dst_ip":"198.51.100.5","dst_port":443,"method":"GET","path":"/api/users","query":"id=1","host":"example.com","http_version":"HTTP/1.1","keepalives":0,"content_length":0,"header_X-Request-Id":"abcd-1234","header_User-Agent":"curl/7.70.0"}
|
||||||
|
|
||||||
configuration:
|
configuration:
|
||||||
scope: global
|
scope: global
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
%global spec_version 1.0.14
|
%global spec_version 1.0.15
|
||||||
|
|
||||||
Name: mod_reqin_log
|
Name: mod_reqin_log
|
||||||
Version: %{spec_version}
|
Version: %{spec_version}
|
||||||
@ -37,6 +37,11 @@ install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buil
|
|||||||
%doc %{_docdir}/%{name}
|
%doc %{_docdir}/%{name}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.15
|
||||||
|
- FIX: timestamp field now uses r->request_time (request reception time) instead of apr_time_now()
|
||||||
|
- DOC: Remove unparsed_uri and fragment fields from architecture.yml (not logged)
|
||||||
|
- DOC: Update timestamp description and example_full in architecture.yml
|
||||||
|
|
||||||
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.14
|
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.14
|
||||||
- REFACTOR: Harmonize JSON field construction - all fields now end with comma
|
- REFACTOR: Harmonize JSON field construction - all fields now end with comma
|
||||||
- FIX: Remove duplicate comma between query and host fields
|
- FIX: Remove duplicate comma between query and host fields
|
||||||
|
|||||||
@ -731,10 +731,9 @@ static void log_request(request_rec *r, reqin_log_config_t *cfg, reqin_log_child
|
|||||||
format_iso8601(&buf, r->request_time);
|
format_iso8601(&buf, r->request_time);
|
||||||
dynbuf_append(&buf, "\",", 2);
|
dynbuf_append(&buf, "\",", 2);
|
||||||
|
|
||||||
/* timestamp (nanoseconds since epoch) */
|
/* timestamp (nanoseconds since epoch, from request reception time) */
|
||||||
{
|
{
|
||||||
apr_time_t now = apr_time_now();
|
apr_uint64_t ns = ((apr_uint64_t)r->request_time) * APR_UINT64_C(1000);
|
||||||
apr_uint64_t ns = ((apr_uint64_t)now) * APR_UINT64_C(1000);
|
|
||||||
char ts_buf[32];
|
char ts_buf[32];
|
||||||
snprintf(ts_buf, sizeof(ts_buf), "%" APR_UINT64_T_FMT, ns);
|
snprintf(ts_buf, sizeof(ts_buf), "%" APR_UINT64_T_FMT, ns);
|
||||||
dynbuf_append(&buf, "\"timestamp\":", 12);
|
dynbuf_append(&buf, "\"timestamp\":", 12);
|
||||||
|
|||||||
Reference in New Issue
Block a user