-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add log message when the IP is not allowed #1264
base: master
Are you sure you want to change the base?
Conversation
Your pull requests add logging, but at this moment I wonder, does it add any information? What can you do with seeing for example this message? |
Currently, it first checks whether the connection's IP is allowed. If not, it will simply return an access-denied 403 error code. (If there is any other information, please let me know :D ) However, there are multiple checks in the |
But wouldn't it be much more informative to have such information as part of the normal http logging? So we directly know which IP was not allowed? Maybe I am missing something. |
Sorry for the late reply, I was swamped by other stuff last week ..
The normal logging in cherokee
I can also add the IP address to the log if that's preferred. Thanks! |
My main question was why should we do this in two places. Both access log and error log. I do want to prevent that the system becomes bloated because of that, because it could become noisy. Now if I review the apache error logs, I notice that a log level defines what and when goes through the error log, by a format one can add all the information to make the error logs useful. Something we only have when tracing. I think we should have a chat on what to do with these specific errors, in my perspective they are not defects of the regular webserver processing. |
I agree, these errors are expected based on the current webserver configuration, but it could be difficult to troubleshoot if the configuration is not intended, i.e., we want to understand why it is denied.
Ah I got it. I add it as error level log because in Apache httpd, these configuration errors are logged at In my perspective, If you feel log at |
No, I don't. I think that the regular logs should have an option to tell why the error is present. So we should explore that, unless you have another idea. |
Currently, the access logs are mostly used in the Apache format, as recommended here. There is no field for us to place the error msg in it. The other two access log formats also does not support it. I think the access log does not record the reason of error, because the access logs are produced in the end of handling requests (e.g., If we want to record that in the access log, we need to add one additional field in the Another approach is to correlate the access log and error log with some log entry id for each connection. For example, I am happy to help implement this (may add a proposal in the issue). Let me know your thoughts, thanks 😊 |
Before return access-denied, leave a message in the server log about the specific reason.