I am trying to add some additional logging information when accessing phpMyAdmin through Nginx but I am having some issues trying to figure out a way to pass the information to Nginx without making it publicly viewable. The main thing is that I am trying to include the username/status that is "logged" inside of the libraries/logging.lib.php file during the PMA_logUser function. If you are not sure what this function is then I will include it here.
function PMA_logUser($user, $status = 'ok')
{
if (function_exists('apache_note')) {
apache_note('userID', $user);
apache_note('userStatus', $status);
}
}
This allows you to take the userID and userStatus and pass information between modules. Mostly people use this to add addition information for logging so that can check to see if someone is bruteforcing the password or something similar. I have tried to do some searching and can't find a good alternative for Nginx. I made some changes and did the following to add the information to the headers.
function PMA_logUser($user, $status = 'ok')
{
if (function_exists('apache_note')) {
apache_note('userID', $user);
apache_note('userStatus', $status);
} else {
header("userID: $user");
header("userStatus: $status");
}
}
This does allow me to add $sent_http_userID
and $sent_http_userStatus
to a custom log_format to include it in my logs. But this will make it publicly visible. I tried compiling Nginx with the Headers More module and adding the following to the end of my server configuration
more_clear_headers 'userID';
more_clear_headers 'userStatus';
This will prevent it from being sent to the person trying to login, but with these changes it will prevent me from logging the information that I am looking for. Is there any suggestions?