Preventing an Apache 2 Server from Logging Sensitive Data
- by jstr
Apache 2 by default logs the entire request URI including query string of every request.
What is a straight forward way to prevent an Apache 2 web server from logging sensitive data, for example passwords, credit card numbers, etc., but still log the rest of the request?
I would like to log all log-in attempts including the attempted username as Apache does by default, and prevent Apache from logging the password directly.
I have looked through the Apache 2 documentation and there doesn't appear to be an easy way to do this other than completely preventing logging of these requests (using SetEnvIf).
How can I accomplish this?