https://bz.apache.org/bugzilla/show_bug.cgi?id=64731
Bug ID: 64731
Summary: change log message for authorization checks in
mod_authz_host
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_authz_host
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 37446
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37446&action=edit
Improve log message for mod_authz_host authorization checks
mod_authz_host has several authorization checks, which contain four
authorization checks for client's address, with functions
ip_check_authorization()
host_check_authorization()
forward_dns_check_authorization()
local_check_authorization()
These functions only have log messages for syntax checks, but do not log the
authorization check result even though the authorization check fails. The
authorization result will be logged at DEBUG level which is usually disabled.
I would suggest add the log messages when the authorization check fails, which
pinpoints the root cause of authorization failure and saves sysadmins' time for
troubleshooting. For example
@@ -287,6 +294,9 @@ forward_dns_check_authorization(request_rec *r,
}
}
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+ "authz_host authorize: Authorization of require forward-dns
failed: "
+ "client's address is not resolved from the require'd host name");
return AUTHZ_DENIED;
}
Adding the log before return AUTHZ_DENIED can clearly tell the sysadmin the
root cause of the authorization failure.
I also added the logs for the ip/host/local checks, and submitted as
attachment. Any feedbacks are appreciated!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
