Index: /branches/rel_ag_9_4_5/aproxy/nginx-1.4.1/src/http/ngx_http_request.c
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/nginx-1.4.1/src/http/ngx_http_request.c	(revision 20301)
+++ /branches/rel_ag_9_4_5/aproxy/nginx-1.4.1/src/http/ngx_http_request.c	(working copy)
@@ -54,6 +54,7 @@
 static void ngx_http_close_request(ngx_http_request_t *r, ngx_int_t error);
 static void ngx_http_log_request(ngx_http_request_t *r);
 
+static void mask_password_in_ngxlog(char *url);
 static u_char *ngx_http_log_error(ngx_log_t *log, u_char *buf, size_t len);
 static u_char *ngx_http_log_error_handler(ngx_http_request_t *r,
     ngx_http_request_t *sr, u_char *buf, size_t len);
@@ -3488,6 +3489,32 @@
     return p;
 }
 
+static void
+mask_password_in_ngxlog(char *url)
+{
+	char *p = NULL;
+	const char *keyword = "&_pid=";
+
+	p = strstr(url, keyword);
+	if (!p) {
+		return;
+	}
+
+	p += strlen(keyword);
+
+	char *end = p;
+    while (*end != '&' && *end) {
+        end++;
+    }
+
+    if (*end == '&') {
+        memmove(p, end, strlen(end) + 1);
+    } else {
+        *p = '\0';
+    }
+
+	return;
+}
 
 static u_char *
 ngx_http_log_error_handler(ngx_http_request_t *r, ngx_http_request_t *sr,
@@ -3497,6 +3524,7 @@
     u_char                    *p;
     ngx_http_upstream_t       *u;
     ngx_http_core_srv_conf_t  *cscf;
+    char *ngx_http_log = (char *)r->request_line.data;
 
     cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
 
@@ -3516,6 +3544,7 @@
     }
 
     if (r->request_line.len) {
+        mask_password_in_ngxlog(ngx_http_log);
         p = ngx_snprintf(buf, len, ", request: \"%V\"", &r->request_line);
         len -= p - buf;
         buf = p;