Example: Currently, the OWASP Application Gateway effectively redirects HTTP requests to HTTPS as part of its security protocol. However, no logs are generated for these redirection events. Enhanced logging for these actions would greatly improve the ability to monitor and verify the redirection process.
Observed Behavior:
HTTP requests are redirected to HTTPS.
No logs are produced to confirm or detail the redirection process.
Expected Behavior:
HTTP requests are redirected to HTTPS.
Detailed logs should be generated for each redirection event, capturing information such as the original HTTP request and the HTTPS URL to which it was redirected.
Suggested Enhancement:
I propose implementing detailed logging not only for HTTP to HTTPS redirections within the gateway, but all possible functionalities. This would involve capturing and reporting key data about each redirection event in the gateway's logs.
Proposed Log Format for HTTPS redirection:
INFO - Response status code 301 Moved Permanently for GET http://xxx.com
INFO - Redirecting to https://xxx.com (HTTP to HTTPS Redirection Rule applied)
This option is already available. In fact, logs are written at debug level (which is, for most cases, preferred in this case). To enable redirect logging, just add the following section to the application.yaml file:

```yaml
logging:
  level:
    root: WARN
    org.owasp: INFO
    # The redirect filter writes its redirect events at DEBUG
    org.owasp.oag.filters.spring.HttpRedirectFilter: DEBUG
```
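One way to use such logs to verify the redirection process, as an added example that is not part of the issue or the gateway's code: it pairs each 301 line with its target line and flags redirects that are not a clean same-host upgrade to HTTPS. It assumes the log format proposed in the issue, not the filter's actual DEBUG output; the sample lines and the `other.example` host are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the format proposed in the issue (not real gateway output).
SAMPLE_LOG = """\
INFO - Response status code 301 Moved Permanently for GET http://xxx.com/login?next=/home
INFO - Redirecting to https://xxx.com/login?next=/home (HTTP to HTTPS Redirection Rule applied)
INFO - Response status code 301 Moved Permanently for GET http://xxx.com/a
INFO - Redirecting to https://other.example/a (HTTP to HTTPS Redirection Rule applied)
INFO - Response status code 301 Moved Permanently for GET http://xxx.com/b
INFO - Response status code 301 Moved Permanently for GET http://xxx.com/c
INFO - Redirecting to http://xxx.com/c (HTTP to HTTPS Redirection Rule applied)
"""

REQ = re.compile(r"^INFO - Response status code 301 Moved Permanently for (\S+) (\S+)$")
DST = re.compile(r"^INFO - Redirecting to (\S+) \(HTTP to HTTPS Redirection Rule applied\)$")

def check_pair(src, dst):
    """Return a list of problems for one redirect (empty list means a clean upgrade)."""
    s, d = urlsplit(src), urlsplit(dst)
    problems = []
    if d.scheme != "https":
        problems.append("target is not https")
    if (s.hostname or "").lower() != (d.hostname or "").lower():
        problems.append("host changed")
    if (s.path or "/", s.query) != (d.path or "/", d.query):
        problems.append("path or query changed")
    return problems

def audit(log_text):
    """Pair each 301 line with the following 'Redirecting to' line and check it."""
    findings, pending = [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := REQ.match(line):
            if pending:  # previous 301 never got its target line
                findings.append((pending, None, ["no redirect target logged"]))
            pending = m.group(2)
        elif (m := DST.match(line)) and pending:
            problems = check_pair(pending, m.group(1))
            if problems:
                findings.append((pending, m.group(1), problems))
            pending = None
    if pending:
        findings.append((pending, None, ["no redirect target logged"]))
    return findings

if __name__ == "__main__":
    for src, dst, problems in audit(SAMPLE_LOG):
        print(src, "->", dst, ":", ", ".join(problems))
```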