c2e1221e5a
release: version 1.0.2 - Audit security fixes and RPM packaging
...
Security hardening:
- Add input sanitization for method (32), path (2048), host (256), http_version (16)
- Prevent log injection via oversized HTTP values
- Add LOG_THROTTLED macro for consistent error reporting
- Improve socket state double-check pattern to avoid unnecessary reconnects
Code quality:
- Fix const qualifier warnings in get_header()
- Add flags field to module definition
- Add -Wno-error=format-security for compatibility
Documentation:
- Clarify timestamp precision (microseconds expressed as nanoseconds)
- Update README and architecture.yml
Testing:
- Add 4 unit tests for input sanitization
- All 78 tests passing
Packaging:
- Remove DEB package support (RPM only: el8, el9, el10)
- Add CHANGELOG file included in RPM packages
- Bump version to 1.0.2
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com >
2026-02-28 21:45:06 +01:00
46291898e1
fix: renforcer la robustesse du module et étendre les tests/CI
...
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat >
2026-02-28 20:28:40 +01:00
a935ed1641
ci: migrate to GitLab CI with multi-distribution RPM builds
...
- Replace GitHub Actions with GitLab CI using Docker-in-Docker
- Build 3 RPMs (el7, el8, el9) + 1 DEB from Dockerfile.package
- Add verify jobs for each target distribution
- Remove obsolete files:
- Dockerfile, Dockerfile.test-socket (replaced by Dockerfile.package)
- scripts/socket_consumer.py, scripts/socket_listener.py
- scripts/test_unix_socket.sh, scripts/run_integration_tests.sh
- Update README.md with new package targets
- Update architecture.yml for GitLab CI workflow
Breaks: Single RPM no longer supported (glibc incompatibility)
Replaced by: Distribution-specific RPMs (el7, el8, el9)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com >
2026-02-28 16:06:57 +01:00
2fc3f92cf8
docs: update README with new Docker-based packaging
...
- Update installation section to use Docker-based packaging
- Replace rpmbuild and debhelper commands with make package-* targets
- Document new unified packaging workflow with fpm
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com >
2026-02-27 16:17:46 +01:00
b5d093f8cb
Docs: update security documentation and hardening notes
...
architecture.yml:
- Update header_handling: document built-in sensitive headers blacklist
- Expand security section with hardening measures
- Add socket permissions, path recommendations, environment variable
README.md:
- Add new 'Built-in Sensitive Headers Blacklist' section
- Document all blocked headers (Authorization, Cookie, X-Api-Key, etc.)
- Update socket security: permissions 0o660, /var/run path, group membership
- Add hardening features: path validation, JSON size limit, NULL checks, mutex
- Fix JSON example (remove extra closing brace)
- Update socket consumer example with secure permissions (0o660)
- Add MOD_REQIN_LOG_SOCKET environment variable to example
- Update Fields table: header_<Name> flat structure description
- Add note about automatic sensitive header exclusion
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com >
2026-02-26 23:41:51 +01:00
66549acf5c
Initial commit: mod_reqin_log Apache module
...
Features:
- JSON logging of HTTP requests to Unix domain socket
- Configurable HTTP headers logging (flat JSON structure)
- Header value truncation and count limits
- Automatic reconnect on socket disconnection
- Error reporting with throttling
Configuration directives:
- JsonSockLogEnabled: Enable/disable logging
- JsonSockLogSocket: Unix socket path
- JsonSockLogHeaders: List of headers to log
- JsonSockLogMaxHeaders: Maximum headers to log
- JsonSockLogMaxHeaderValueLen: Max header value length
- JsonSockLogReconnectInterval: Reconnect delay
- JsonSockLogErrorReportInterval: Error log throttle
Includes:
- Module source code (src/)
- Unit and integration tests (tests/, scripts/)
- Documentation (README.md, architecture.yml)
- Build configuration (CMakeLists.txt, Makefile)
- Packaging (deb/rpm)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com >
2026-02-26 13:55:07 +01:00
