Escape characters in log files

Manlio Perillo manlio_perillo at
Tue Jan 15 11:48:39 MSK 2008

David Phillips ha scritto:
> nginx does not escape logged variables.  This makes it impossible to
> reliably parse log entries.  This is what Apache does:

Can you post an example, thanks?

>    For security reasons, starting with version 2.0.46, non-printable
>    and other special characters in %r, %i and %o are escaped using
>    \xhh sequences, where hh  stands for the hexadecimal representation
>    of the raw byte. Exceptions from this rule are " and \, which are
>    escaped by prepending a backslash, and all whitespace characters,
>    which are written in their C-style notation (\n, \t, etc). In
>    versions prior to 2.0.46, no escaping was performed on these strings
>    so you had to be quite careful when dealing with raw log files.
> I would like to fix this in nginx.  What is the best way to handle this issue?

Modify the http log module.

I think you only need to modify the ngx_http_log_variable_getlen and 
ngx_http_log_variable functions.


Manlio Perillo

More information about the nginx mailing list