Merge pull request #152 from IABTechLab/ans-UID2-6248-check-bearer-token-issue

ashleysmithTTD · web-flow · commit bc9d0493af49 · 2025-12-17T13:00:08.000-05:00
minimal log format to avoid logging bearer tokens/any sensitive headers
diff --git a/tools/reverse-proxy/nginx.conf b/tools/reverse-proxy/nginx.conf
@@ -12,11 +12,10 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
 
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  path_status  '$remote_addr - $remote_user [$time_local] $request $status';
 
     # Debug log format - shows Host header details for troubleshooting routing issues
+    # To use, switch access_log below to use debug_routing instead of path_status
     log_format  debug_routing  '$remote_addr [$time_local] "$request" '
                                'status=$status '
                                'host="$host" '
@@ -26,7 +25,7 @@ http {
                                'x_forwarded_host="$http_x_forwarded_host" '
                                'x_forwarded_proto="$http_x_forwarded_proto"';
 
-    access_log  /var/log/nginx/access.log  debug_routing;
+    access_log  /var/log/nginx/access.log  path_status;
 
     sendfile        on;
     #tcp_nopush     on;
