cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

💡cloudflared tunnel - do not log sensitive headers

Open eherde opened this issue 1 year ago • 1 comments

Describe the feature you'd like

When run with log level debug, cloudflared logs a line like the below, including all headers.

2024-12-16T15:04:35Z DBG GET <url> HTTP/1.1 connIndex=1 content-length=0 event=1 headers=<headers> host=<host> ingressRule=0 originService=http://<origin>:<port> path=<path>

The Authorization header is particularly sensitive and not one we want appearing in our logs. I'd like to be able to set logging to debug in production without concern for a potential security risk.

eherde avatar Dec 16 '24 21:12 eherde

Is this possible?

Checkm3out avatar May 02 '25 20:05 Checkm3out