This plugin stores validation logs when Record “Logs” is enabled in the Privacy and record settings section on the Settings tab.
Contents in log
The following are some of the items that are stored in the logs.
Request
The HTTP method and the port are recorded first, followed by the requested path. RFC2616 (obsoleted by RFC7231) defines eight methods: GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE and CONNECT. The definition says:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe”. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
But in the real world you can find a simple hyperlink (i.e. a GET request) that takes an action other than retrieval, so the method alone says nothing about whether a request is harmless.
Whatever the method, it is worth looking at what a malicious request actually tried to do; the path and the recorded $_POST keys below are the clues.
$_POST data
When a request submitted by the POST method is blocked, the keys of PHP's $_POST superglobal are recorded in the log. Keys listed in “$_POST keys to be recorded with their values in logs” in the Privacy and record settings section are recorded together with their values, so that you can inspect what was submitted.
The recommended keys are as follows:
- action: This key is very common in WordPress. It usually names the operation being performed.
- comment: The contents of a comment posted to wp-comments-post.php.
- log, pwd: The login name and password posted to wp-login.php. The pwd value is masked with *** when it comes from a logged-in user.
- FILES: The contents of the HTTP file upload variable $_FILES when a file upload was submitted by POST. (since 0.3.0.3)
Anything listed here is stored with its value, so review the list before adding keys that can carry credentials or personal data.
Result
The column “Result” shows the validation result as the following table describes:
Result | Description |
---|---|
passed | passed through the validation |
passUA | passed by means of “UA string and qualification” |
blocked | blocked by country |
blockUA | blocked by means of “UA string and qualification” |
wp-zep | blocked by WP-ZEP |
multi | blocked by XML-RPC multicall |
badsig | blocked by Bad signatures |
badbot | blocked by Badly-behaved bots and crawlers |
extra | blocked by Extra IP addresses |
failed | blocked by failed login attempt |
limited | blocked by exceeding the login attempt limit |
upload | blocked by forbidden MIME type, or because unexpected attached files were found |
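The $_POST recording rules described above and the result codes in the table, as an added Python example that is not the plugin's own code. The record layout (request, result, $_POST summary), the use of a flat {field: filename} mapping in place of $_FILES, and the sample requests are constructed assumptions; the masking rule and the "record values only for configured keys, and only for blocked POST requests" rule follow the page.

```python
from collections import Counter

# Result codes from the "Result" table, grouped by whether the request got through.
PASSED_RESULTS = {"passed", "passUA"}
BLOCKED_RESULTS = {
    "blocked", "blockUA", "wp-zep", "multi", "badsig", "badbot",
    "extra", "failed", "limited", "upload",
}

# Keys whose values (not just names) are written to the log; this mirrors the
# recommended "$_POST keys to be recorded with their values in logs" setting.
RECORDED_KEYS = {"action", "comment", "log", "pwd", "FILES"}


def record_post_data(post, files=None, logged_in=False, recorded_keys=RECORDED_KEYS):
    """Build the $_POST column for a blocked POST request.

    Every key name is kept; a value is attached only for keys in recorded_keys,
    and 'pwd' is masked with '***' when the request came from a logged-in user.
    `files` is a constructed {field: filename} mapping standing in for $_FILES.
    """
    items = []
    for key, value in post.items():
        if key in recorded_keys:
            if key == "pwd" and logged_in:
                value = "***"
            items.append(f"{key}={value}")
        else:
            items.append(key)
    if files and "FILES" in recorded_keys:
        items.append("FILES=" + ";".join(f"{f}:{name}" for f, name in files.items()))
    return ",".join(items)


def make_entry(method, port, path, result, post=None, files=None, logged_in=False):
    """Assemble one log record (assumed layout: request, result, $_POST summary)."""
    if result not in PASSED_RESULTS | BLOCKED_RESULTS:
        raise ValueError(f"unknown result code: {result}")
    entry = {"request": f"{method} {port} {path}", "result": result, "post": ""}
    # $_POST contents are recorded only when a POST request was blocked.
    if method == "POST" and result in BLOCKED_RESULTS:
        entry["post"] = record_post_data(post or {}, files, logged_in)
    return entry


def summarize(entries):
    """Count records per result code and list the paths hit by login abuse."""
    counts = Counter(e["result"] for e in entries)
    login_paths = sorted({
        e["request"].split(" ", 2)[2]
        for e in entries if e["result"] in ("failed", "limited")
    })
    return {"counts": dict(counts), "login_paths": login_paths}


# Constructed sample traffic (not real log data).
SAMPLE = [
    make_entry("GET", 443, "/", "passed"),
    make_entry("POST", 443, "/wp-login.php", "failed",
               post={"log": "admin", "pwd": "hunter2", "wp-submit": "Log In"}),
    make_entry("POST", 443, "/wp-login.php", "limited",
               post={"log": "admin", "pwd": "hunter3"}),
    make_entry("POST", 443, "/wp-admin/admin-ajax.php", "wp-zep",
               post={"action": "update_profile", "pwd": "secret", "nonce": "x"},
               logged_in=True),
    make_entry("POST", 80, "/xmlrpc.php", "multi", post={"body": "<methodCall/>"}),
    make_entry("POST", 443, "/wp-admin/async-upload.php", "upload",
               post={"action": "upload-attachment"},
               files={"async-upload": "shell.php"}),
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(f"{e['result']:8} {e['request']:40} {e['post']}")
    print(summarize(SAMPLE))
```

Note what the second sample record shows: a password submitted by an anonymous login attempt is written out in full, because masking applies only to logged-in users. That is the reason for reviewing the recorded-keys list before enabling logging on a site where the log table can be read by others.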
Live update
Independently of the Privacy and record settings section, you can watch all the requests validated by this plugin in near real time.