MaartenV9058 Member since 2014 6 posts
Posted: February 16, 2018
Last activity: March 9, 2018

How to make sure download of the log-files with direct URL requires authentication?

If you go to the Log landing page and open the Log Files, you can actually see a direct URL to log files. For example, the PegaRULES.log file can be downloaded using the following direct URL:


If you just type in this URL, it's also possible to download the log file without authentication (on a production system). This is at least also possible in Pega version 7.3.0.

According to this article , this seems to be an enhancement but we had a security finding on this.

Is there a way to configure this to make sure this authentication is used to download the log files? If not, any other recommendations to secure the log files?

Security System Administration Low-Code App Development Installation and Deployment
Moderation Team has archived post
Share this page LinkedIn