From 4efe15c3564276fad17b188a63d33ec4eb0cf5a9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Mar 2026 16:51:03 +0000
Subject: [PATCH 1/2] Initial plan

From c3acc7de3b712023042713c3523cd0f203d0eb4b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Mar 2026 16:54:45 +0000
Subject: [PATCH 2/2] Add USE_EXTENDED_LOGFORMAT variable for Apache extended log format

Co-authored-by: fzipi <3012076+fzipi@users.noreply.github.com>
---
 README.md | 1 +
 apache/Dockerfile | 1 +
 apache/Dockerfile-alpine | 1 +
 apache/docker-entrypoint.sh | 4 ++++
 4 files changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 62b1a6c6..91f80100 100644
--- a/README.md
+++ b/README.md
@@ -209,6 +209,7 @@ These variables are common to image variants and will set defaults based on the
 | SSL_PORT | Port number where the SSL enabled webserver is listening | `8443` | - |
 | SSL_SESSION_TICKETS | A string to enable or disable the use of [TLS session tickets](https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessiontickets) (RFC 5077). (Default: `off`) |
 | TIMEOUT | Number of seconds before receiving and sending timeout (Default: `60`) |
+| USE_EXTENDED_LOGFORMAT | A boolean value to enable the [extended log format](https://www.netnea.com/cms/apache-tutorial-5_extending-access-log/#step_4_configuring_the_new,_extended_log_format). When `true`, `APACHE_LOGFORMAT` is overridden with the extended format that includes ModSecurity anomaly scores and other extended fields. (Allowed values: `true`, `false`. Default: `false`) |
 | WORKER_CONNECTIONS | Maximum number of MPM request worker processes (Default: `400`) |
 
 > [!NOTE]
diff --git a/apache/Dockerfile b/apache/Dockerfile
index d7f72f3e..a2648ab5 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -150,6 +150,7 @@ ENV \
 SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
 SSL_SESSION_TICKETS=off \
 TIMEOUT=60 \
+ USE_EXTENDED_LOGFORMAT=false \
 WORKER_CONNECTIONS=400 \
 # CRS specific variables
 ANOMALY_INBOUND=5 \
diff --git a/apache/Dockerfile-alpine b/apache/Dockerfile-alpine
index e3196daa..4f0ea544 100644
--- a/apache/Dockerfile-alpine
+++ b/apache/Dockerfile-alpine
@@ -160,6 +160,7 @@ ENV \
 SSL_PROTOCOLS="all -SSLv3 -TLSv1 -TLSv1.1" \
 SSL_SESSION_TICKETS=off \
 TIMEOUT=60 \
+ USE_EXTENDED_LOGFORMAT=false \
 WORKER_CONNECTIONS=400 \
 # CRS specific variables
 ANOMALY_INBOUND=5 \
diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh
index a15b6be4..9db45996 100755
--- a/apache/docker-entrypoint.sh
+++ b/apache/docker-entrypoint.sh
@@ -6,4 +6,8 @@
 /opt/modsecurity/activate-plugins.sh
 /opt/modsecurity/configure-rules.sh
 
+if [ "$USE_EXTENDED_LOGFORMAT" = "true" ]; then
+ export APACHE_LOGFORMAT='"%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\" %{remote}p %v %A %p %R %{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %I %O %{ratio}n%% %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e %{ModSecAnomalyScoreInPLs}e %{ModSecAnomalyScoreOutPLs}e %{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e"'
+fi
+
 exec "$@"
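Review bot: The new `if` in apache/docker-entrypoint.sh matches only the exact string `true`, so `USE_EXTENDED_LOGFORMAT=TRUE`, `1` or `yes` silently leaves the default access-log format in place and the ModSecurity anomaly-score fields never reach the log, with no startup hint for whoever parses it. Consider reporting unrecognised values before `fi`: `elif [ "$USE_EXTENDED_LOGFORMAT" != "false" ]; then` followed by `echo "USE_EXTENDED_LOGFORMAT must be 'true' or 'false'; keeping APACHE_LOGFORMAT unchanged" >&2`. The format also depends on things this hunk does not show: `%I`/`%O`, `%{ratio}n`, `%{UNIQUE_ID}e`, `%{GEOIP_COUNTRY_CODE}e` and the `ModSec*`/`ApplicationTime` variables need the matching modules and rules in the image's httpd configuration, otherwise those columns presumably log `-` or the format may be rejected at startup, so that is worth confirming for both image variants.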