Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Joveice

Nginx, I can see post parameters in logs, even when site is running SSL. What is this?

Thanks @leonfagan71
So the issue isn't Nginx but rather me, I was putting the params in, well the params. I did not send them in the body.

Recommended Posts

Posted · Original PosterOP

Example

<ip> - - [01/May/2020:03:07:21 +0200] "POST /login?email=test&password=woobi HTTP/1.1" 419 1570 "-" "PostmanRuntime/7.24.1"

when I do it from firefox.

<ip> - - [01/May/2020:03:11:57 +0200] "POST /login HTTP/2.0" 302 366 "<url>" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"

other than the status code the only difference I see is the http version, and I have tried to understand it and I see that http 1.1 is sending over clear text, not sure if that is actually the thing as I could not find anything about that you should not use it.
Is http version the issue?
I later on proxy pass this to a ssl site so it is a ssl to ssl. But I don't like to see the variables in a post request.


Operator @ Norsk Helsenett SF. Our mission is to deliver and develop a secure, robust and appropriate national ICT infrastructure for effective interaction between healthcare and healthcare professionals.

Link to post
Share on other sites
Posted · Original PosterOP · Best Answer

Thanks @leonfagan71
So the issue isn't Nginx but rather me, I was putting the params in, well the params. I did not send them in the body.


Operator @ Norsk Helsenett SF. Our mission is to deliver and develop a secure, robust and appropriate national ICT infrastructure for effective interaction between healthcare and healthcare professionals.

Link to post
Share on other sites
Posted · Original PosterOP
On 5/2/2020 at 9:18 PM, super_teabag said:

basically this then? (this is a joke)

 

Yup 😅


Operator @ Norsk Helsenett SF. Our mission is to deliver and develop a secure, robust and appropriate national ICT infrastructure for effective interaction between healthcare and healthcare professionals.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Newegg

×