Closed tommathee closed 1 month ago
That should be possible to do in the next iteration -> around Q3/24.
This option is already available. In Fact logs are written on debug level (which is for most cases preferred in this case). To enable Redirect logging just add the following section to the application.yaml file:
logging:
level:
root: WARN
org:
owasp: INFO
oag.filters.spring.HttpRedirectFilter: DEBUG
I'll add a documentation section for this.
Example: Currently, the OWASP Application Gateway effectively redirects HTTP requests to HTTPS as part of its security protocol. However, no logs are generated for these redirection events. Enhanced logging for these actions would greatly improve the ability to monitor and verify the redirection process.
Observed Behavior:
Expected Behavior:
Suggested Enhancement:
I propose implementing detailed logging not only for HTTP to HTTPS redirections within the gateway, but all possible functionalities. This would involve capturing and reporting key data about each redirection event in the gateway's logs.
Proposed Log Format for HTTPS redirection:
INFO - Response status code 301 Moved Permanently for GET http://xxx.com
INFO - Redirecting to https://xxx.com (HTTP to HTTPS Redirection Rule applied)