2010/9/29 Łukasz Rekucki <[email protected]>:
> On 28 September 2010 17:45, Ian Lewis <[email protected]> wrote:
>> Hi,
>>
>> On Tue, Sep 28, 2010 at 9:19 AM, Nick Phillips
>> <[email protected]> wrote:
>>> I'm worried by the use of "warning" for all 4xx statuses. I think it
>>> still makes sense to use the "original" syslog level definitions[*] as a
>>> guide, and on there I'd suggest that some 4xx statuses would merit
>>> "Info", some "Notice", and maybe one or two "Warning". "Notice" not
>>> being included in Python's default logging, I guess that means I'd split
>>> them between "Info" and "Warning".
>>>
>>> My view is that the main use of these logs to me is to help me see when
>>> someone is doing Bad Things (or trying to) to my system. I would be
>>> wanting anything that indicated a targeted exploration of my server to
>>> show up as "Warning", and anything that's most likely a random script
>>> kiddie to be "Info". That certainly puts 404 in as "Info"; I see so many
>>> hits looking for e.g. poorly-configured phpmyadmin installations, that
>>> 404s would swamp anything that I really needed to be looking at.
>>
>> I'm split on this myself but I think making all 400 level responses warnings
>> would keep things consistent and help find potential security issues easier.
>
> Making all 4xx a Warning is a bad idea. When you're writing a RESTful
> API, it's common to use these status codes the way they were intended
> to be used. For example, if the user makes a POST to add a comment, but
> the form data is invalid a RESTful API won't return a 2xx, because the
> request failed. The only reasonable codes are in the 4xx range. It's
> not uncommon for users to badly fill out forms, so getting warnings
> about it would just flood the log.
>
> The logging level should be based on the cause (like CSRF validation
> failure) not solely on the response's status code.
Here's the list of 4XX responses that we currently raise:

400 Bad Request
403 Forbidden (due to permissions and CSRF)
404 Not Found
405 Method Not Allowed
410 Gone
412 Precondition Failed

These all strike me as messages appropriate for a warning -- they're all slightly concerning indications that you're either under some sort of attack, or at the very least that your users are having a bad experience on your site. This includes 404 -- manually entered URLs and annoying PHP hackbots notwithstanding, your site shouldn't be generating 404s. If it is, you should be investigating.

The only argument I can see for 404 as an INFO message is the prevalence; given that a 404 is often generated without being a concern, it makes sense to make them easy to filter out. However, IMHO, unilaterally ignoring 404s would be just as bad as having too many. On top of that, any halfway decent log analysis tool can filter these messages on a per-status code or per-URL basis.

In short, I'm not convinced it's worth making a special case of 404.

Yours
Russ Magee %-)
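One way to reconcile the two positions above (keep 4xx at WARNING by default, but let a site re-level a status such as 404 by its own policy rather than by ignoring it), added here as an illustration and not code from this thread or from Django itself: a stdlib logging filter that changes a record's level from the status_code attribute that Django's django.request logger attaches via extra. The logger name, the override map and the sample events are constructed for the example.

```python
import logging

# Constructed per-site policy: a 404 is mostly a mistyped URL or a scanner
# probing for phpmyadmin, so run it at INFO; any status not listed keeps the
# WARNING the framework chose (e.g. a 403 raised by a CSRF failure).
DEFAULT_OVERRIDES = {404: logging.INFO}


class StatusLevelFilter(logging.Filter):
    """Re-level a record using the status_code attribute that django.request
    attaches with extra={...} (assumed here; a record without it passes)."""

    def __init__(self, overrides=None):
        super().__init__()
        self.overrides = dict(DEFAULT_OVERRIDES if overrides is None else overrides)

    def filter(self, record):
        level = self.overrides.get(getattr(record, "status_code", None))
        if level is not None:
            record.levelno = level
            record.levelname = logging.getLevelName(level)
        return True  # never drop here; handler levels decide what is kept


class _ListHandler(logging.Handler):
    """Collects (status_code, levelname) so results can be inspected."""

    def __init__(self, level):
        super().__init__(level)
        self.seen = []

    def emit(self, record):
        self.seen.append((record.status_code, record.levelname))


def route_responses(events, overrides=None):
    """Log constructed (status_code, path) events at WARNING the way
    django.request does; return what an INFO handler (full request log) and
    a WARNING handler (the 'look at me' log) each received."""
    logger = logging.getLogger("django.request.example")  # constructed name
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addFilter(StatusLevelFilter(overrides))  # runs before handlers
    full, alerts = _ListHandler(logging.INFO), _ListHandler(logging.WARNING)
    logger.addHandler(full)
    logger.addHandler(alerts)
    for status, path in events:
        logger.warning("%d on %s", status, path, extra={"status_code": status})
    return full.seen, alerts.seen
```

Because the filter sits on the logger, the re-levelled record is gated by each handler's own level, so the 404s stay in the full log but drop out of the WARNING-only one without being discarded.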
