5 Replies Latest reply on Feb 9, 2015 10:05 AM by xkylex

Any way to get scheme (http or https) in access-log?

xkylex Feb 8, 2015 10:05 AM

Hello, I'm configuring access-log of Undertow, and want to record what scheme (http or https) was used in each request, but I can't found any pattern to achieve it in following documentation.

https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/accesslog/AccessLogHandler.java#L39

I tried %{r,scheme} but it doesn't work. it looks like that it invokes ServletRequest#getAttribute("scheme"), not getScheme() as I expected. is there any way to achieve it?

Thanks.

1. Re: Any way to get scheme (http or https) in access-log?

xkylex Feb 9, 2015 9:44 AM (in response to xkylex)

I still can't get scheme in the pattern though, I found a workaround which is configuring an another server element and define its access-log element separately. now I can identify which scheme was used anyway. I configured with jboss-cli as follows:

/subsystem=undertow/server=ssl-server:add
:reload
/subsystem=undertow/server=ssl-server/host=default-host:add(alias=["localhost"])
/subsystem=undertow/server=ssl-server/host=default-host/location="/":add(handler="welcome-content")
/subsystem=undertow/server=ssl-server/host=default-host/setting=access-log:add(\
directory="${jboss.server.log.dir}/ssl-server", \
pattern="%h %l %u [%t] \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\"")
/subsystem=undertow/server=ssl-server/https-listener=myHttpsListener:add( \
socket-binding="https", \
security-realm="CertificateRealm")

UPDATE: this solution brings an another issue to me. see: Any way to share an deployment between multiple server instances?
Actions
2. Re: Any way to get scheme (http or https) in access-log?

ctomc Feb 9, 2015 6:25 AM (in response to xkylex)

What is wrong with using "%H" in pattern?

%H outputs protocol that was used to access the resource, which is in most cases same as scheme.
I say most, as in some scenarios when you are behind proxy it could be different.
Actions
3. Re: Any way to get scheme (http or https) in access-log?

xkylex Feb 9, 2015 9:00 AM (in response to ctomc)

Thanks for the reply, sorry I deleted the previous reply because I'm not sure whether I really tested "%H" against https-listener. now I just tested "%H" again. config:

/core-service=management/security-realm=CertificateRealm:add
/core-service=management/security-realm=CertificateRealm/server-identity=ssl:add( \
keystore-path="mykeystore.jks", \
keystore-relative-to="jboss.server.config.dir", \
keystore-password="***")

/subsystem=undertow/server=default-server/https-listener=myHttpsListener:add( \
socket-binding="https", \
security-realm="CertificateRealm")

/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add
/subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-attribute(name=pattern, value="%h %l %u [%t] \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\" Protocol: %H")

Sending request:

curl https://localhost:8443/ --insecure

Log:

127.0.0.1 - - [09/Feb/2015:21:14:56 +0900] "GET / HTTP/1.1" 200 2429 "-" "curl/7.30.0" Protocol: HTTP/1.1

Unfortunately there's no sign of https. I got exactly same log on sending either http or https.
Actions
4. Re: Any way to get scheme (http or https) in access-log?

ctomc Feb 9, 2015 9:18 AM (in response to xkylex)

Ah, that was before my coffee today oh well..

This sounds as useful enhancement we should have in access log.
Can you create enhancement request in Undertow - JBoss Issue Tracker so we can add this.
1 of 1 people found this helpful
Actions
5. Re: Any way to get scheme (http or https) in access-log?

xkylex Feb 9, 2015 10:05 AM (in response to ctomc)

I created an issue. thanks.
[UNDERTOW-383] Introducing additional pattern for access-log - JBoss Issue Tracker
Actions

Go to original post