Jump to content

Nginx, I can see post parameters in logs, even when site is running SSL. What is this?

Go to solution Solved by Joveice,

Thanks @leonfagan71
So the issue isn't Nginx but rather me, I was putting the params in, well the params. I did not send them in the body.

Example

<ip> - - [01/May/2020:03:07:21 +0200] "POST /login?email=test&password=woobi HTTP/1.1" 419 1570 "-" "PostmanRuntime/7.24.1"

when I do it from firefox.

<ip> - - [01/May/2020:03:11:57 +0200] "POST /login HTTP/2.0" 302 366 "<url>" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"

other than the status code the only difference I see is the http version, and I have tried to understand it and I see that http 1.1 is sending over clear text, not sure if that is actually the thing as I could not find anything about that you should not use it.
Is http version the issue?
I later on proxy pass this to a ssl site so it is a ssl to ssl. But I don't like to see the variables in a post request.

Back-end developer, electronics "hacker"

Link to comment
Share on other sites

Link to post
Share on other sites

Thanks @leonfagan71
So the issue isn't Nginx but rather me, I was putting the params in, well the params. I did not send them in the body.

Back-end developer, electronics "hacker"

Link to comment
Share on other sites

Link to post
Share on other sites

On 5/2/2020 at 9:18 PM, super_teabag said:

basically this then? (this is a joke)

 

Yup 😅

Back-end developer, electronics "hacker"

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×