isaced
February 15, 2024, 11:12am
1
How can I read a specific field from the Response Header in a reverse proxy with Caddy and write it to a log, without returning it to the client?
For example, I want to log the UserId in my logs. I return the X-User-Id field in the reverse_proxy directive, hoping to write it to the log. Then, I use the header -X-User-Id directive to remove this field so that it is not returned to the client. However, once I remove this header, it is also absent in the logs.
/
2.7
Docker
sudo docker compose up -d
...
example.com {
reverse_proxy myservice:8080
log {
output file /var/log/myservice/access.log
}
# Remove header
header {
-X-User-Id
}
}
It’s not possible yet, but we’re working on it:
caddyserver:master ← caddyserver:extra-log-handler
opened 08:14AM - 26 Jan 24 UTC
Closes https://github.com/caddyserver/caddy/issues/5336
This adds a new handl… er `extra_log` which adds an extra field to the access logs on the way back up the request chain (after most other handlers have run, including after handler errors).
The value may be a placeholder (if the value is surrounded by `{}`) or a vars key (will do a map lookup to see if it exists) or a constant string.
```
extra_log [<matcher>] <key> <value>
```
Worth noting, `zap` doesn't validate that log fields don't overlap with existing ones when adding, so it's possible to have two log fields with the same name in the logs. For example, you might do `extra_log status not-an-int` or whatever and you'd end up with `"status": 200, "status": "not-an-int"` in the logs. We could validate that the `extra_log` key is not one of the ones we have built-in, but I'm not sure if that's worth the effort?
This isn’t what you’re asking for, but you could enable the debug global option to get the reverse_proxy logs, which do contain the proxy’s response headers before being written to the client. You could configure a logger in global options to only include those logs from http.handlers.reverse_proxy in one file.
1 Like
I had another idea which might be a little nicer, i.e. not an extra log field, but just reusing the existing user_id one in the access logs:
caddyserver:master ← caddyserver:vars-user-id
opened 11:35AM - 15 Feb 24 UTC
Context: https://caddy.community/t/logging-a-response-header-field-in-caddy-reve… rse-proxy-without-returning-to-client/22758
I was thinking, it would probably be useful to allow users to fill `http.auth.user.id` for themselves using `vars`, because then it would show up in the access logs in the dedicated `user_id` field we already have.
Example config:
```
:8881 {
log
header -X-User-Id
reverse_proxy localhost:8883 {
handle_response {
vars http.auth.user.id {rp.header.X-User-Id}
copy_response
}
}
}
:8883 {
header X-User-Id foobar
respond "yo"
}
```
Example log, notice `user_id` is filled:
```
2024/02/15 11:30:00.866 INFO http.log.access handled request {
"request": {"remote_ip": "127.0.0.1", "remote_port": "46870", "client_ip": "127.0.0.1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost:8881", "uri": "/", "headers": {"User-Agent": ["curl/7.81.0"], "Accept": ["*/*"]}},
"bytes_read": 0,
"user_id": "foobar",
"duration": 0.001003354,
"size": 2,
"status": 200,
"resp_headers": {"Content-Length": ["2"], "Content-Type": ["text/plain; charset=utf-8"], "Date": ["Thu, 15 Feb 2024 11:30:00 GMT"], "Server": ["Caddy", "Caddy"]}
}
```
2 Likes
isaced
February 15, 2024, 11:44am
4
It’s cool, can it be designed to be more flexible and dynamic, not only for scenarios that require logging UserId, but also for others, such as X-Project-Id/X-Team-Id?"
extra_log (or whatever it ends up being called) will allow you to do that, yes.
1 Like
isaced
February 15, 2024, 11:58am
6
Great, I’ll look forward to extra_log (or whatever it ends up being called)…
Thank you very much for your reply.
system
March 16, 2024, 11:59am
7
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.