diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index c35475a797..cbb37cd62b 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -466,6 +466,11 @@ use = egg:swift#proxy_logging # access_log_statsd_metric_prefix = # access_log_headers = false # +# If access_log_headers is True and access_log_headers_only is set only +# these headers are logged. Multiple headers can be defined as comma separated +# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime +# access_log_headers_only = +# # By default, the X-Auth-Token is logged. To obscure the value, # set reveal_sensitive_prefix to the number of characters to log. # For example, if set to 12, only the first 12 characters of the diff --git a/swift/common/middleware/proxy_logging.py b/swift/common/middleware/proxy_logging.py index 049cde06f3..e3b3b89ae9 100644 --- a/swift/common/middleware/proxy_logging.py +++ b/swift/common/middleware/proxy_logging.py @@ -77,7 +77,7 @@ from urllib import quote, unquote from swift.common.swob import Request from swift.common.utils import (get_logger, get_remote_client, get_valid_utf8_str, config_true_value, - InputProxy) + InputProxy, list_from_csv) from swift.common.constraints import MAX_HEADER_SIZE QUOTE_SAFE = '/:' @@ -93,6 +93,10 @@ class ProxyLoggingMiddleware(object): self.log_hdrs = config_true_value(conf.get( 'access_log_headers', conf.get('log_headers', 'no'))) + log_hdrs_only = list_from_csv(conf.get( + 'access_log_headers_only', '')) + self.log_hdrs_only = [x.title() for x in log_hdrs_only] + # The leading access_* check is in case someone assumes that # log_statsd_valid_http_methods behaves like the other log_statsd_* # settings. @@ -151,8 +155,14 @@ class ProxyLoggingMiddleware(object): the_request = the_request + '?' + req.query_string logged_headers = None if self.log_hdrs: - logged_headers = '\n'.join('%s: %s' % (k, v) - for k, v in req.headers.items()) + if self.log_hdrs_only: + logged_headers = '\n'.join('%s: %s' % (k, v) + for k, v in req.headers.items() + if k in self.log_hdrs_only) + else: + logged_headers = '\n'.join('%s: %s' % (k, v) + for k, v in req.headers.items()) + method = self.method_from_req(req) end_gmtime_str = time.strftime('%d/%b/%Y/%H/%M/%S', time.gmtime(end_time)) diff --git a/test/unit/common/middleware/test_proxy_logging.py b/test/unit/common/middleware/test_proxy_logging.py index 9663de6858..7e0744a4be 100644 --- a/test/unit/common/middleware/test_proxy_logging.py +++ b/test/unit/common/middleware/test_proxy_logging.py @@ -343,6 +343,26 @@ class TestProxyLogging(unittest.TestCase): headers = unquote(log_parts[14]).split('\n') self.assert_('Host: localhost:80' in headers) + def test_access_log_headers_only(self): + app = proxy_logging.ProxyLoggingMiddleware( + FakeApp(), {'log_headers': 'yes', + 'access_log_headers_only': 'FIRST, seCond'}) + app.access_logger = FakeLogger() + req = Request.blank('/', + environ={'REQUEST_METHOD': 'GET'}, + headers={'First': '1', + 'Second': '2', + 'Third': '3'}) + resp = app(req.environ, start_response) + # exhaust generator + [x for x in resp] + log_parts = self._log_parts(app) + headers = unquote(log_parts[14]).split('\n') + self.assert_('First: 1' in headers) + self.assert_('Second: 2' in headers) + self.assert_('Third: 3' not in headers) + self.assert_('Host: localhost:80' not in headers) + def test_upload_size(self): app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {'log_headers': 'yes'})