Enable SM headers in Apache Proxy logging
search cancel

Enable SM headers in Apache Proxy logging

book

Article ID: 273908

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) SITEMINDER

Issue/Introduction

 

Running Web Agent on Apache Reverse Proxy, how to make details of the headers that Apache handles printed in the access.log?

 

Resolution

 

At first glance, Apache offers the module mod_log_forensic to show requests in details:

httpd.conf:

LoadModule log_forensic_module modules/mod_log_forensic.so (1).

Here's a sample of such a request logged once configured:

+6881:64d5fce4:0|GET //_host.example.com/download2.html HTTP/1.1|SM_UNIVERSALID:xxx|content-length:0|SM_TIMETOEXPIRE:7200|SM_USERDN:cn=xxx,dc=example,dc=com|Sec-Fetch-Dest:document|Accept-Encoding:gzip, deflate, br|SM_REALM:download|Sec-Fetch-Mode:navigate|SM_AUTHDIRNAMESPACE:LDAP%3a|authorization:Basic anN .. yMw==|SM_SDOMAIN:.example.com|SM_AUTHTYPE:Basic|sec-ch-ua-mobile:?0|SM_AUTHREASON:0|Upgrade-Insecure-Requests:1|connection:keep-alive|Sec-Fetch-User:?1|SM_SERVERSESSIONID:aS .. y6I=|SM_AUTHDIRSERVER:10.0.0.1%3a10392|SM_SERVERSESSIONSPEC:xd .. DNw==|cookie:SMSESSION=xqEP .. 2iY|Sec-Fetch-Site:none|SM_SESSIONDRIFT:-1|SM_REALMOID:06-0000f119-c858-14d4-85c7-0165c0a80000|accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7|sec-ch-ua:"Not/A)Brand";v="99", "Microsoft Edge";v="115", "Chromium";v="115"|Cache-Control:max-age=0|SM_AUTHDIROID:0e-0008d411-1839-1152-44558-0165c0a80000|sec-ch-ua-platform:"Windows"|SM_AUTHDIRNAME:xxx|SM_TRANSACTIONID:1c44e32e-2dd572d3-bc3db068-7364bce2-bce6b638-ee1|Accept-Language:en-US,en;q=0.9|SM_USER:xxx|SM_SERVERIDENTITYSPEC:|user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.200|Host:_host.example.com

Module dumpio can be configure to run in a similar way. Pay attention. It requires loglevel 7 and it doesn't seem to allow much options (2).

The mod_log_forensic and a filter with a combination of pipe and setenvif and customlog can add some flexibility on the output too (3).

 

Additional Information

 

(1)

    Apache Module mod_log_forensic
    

(2)

    Apache Module mod_dumpio
    

(3)

    Filter Entries from going into Apache Logs
    

Powered by Wolken Software