*First Question - How valuable is the check on ALLOWED_HOSTS?*
How many folks out there simply have settings:
    ALLOWED_HOSTS = ['*']
*Second Question - What is the best practice for enriching the log record?*
On-premise, we've struggled with the interaction of the AdminEmailHandler
and security scans:
    'mail_admins': {
        'level': 'ERROR',
        'filters': ['require_debug_false',
                    'skip_nessus_scan_requests'],
        'class': 'django.utils.log.AdminEmailHandler',
        'include_html': True,
    },
Now we want to go farther and divert logs originating from the security
scanner to a different log.
That means that some variant of this code would run again and again:
    import logging

    # NESSUS_SCAN_IPS: collection of scanner addresses, defined elsewhere.

    class SkipNessusScanFilter(logging.Filter):
        """
        Avoids a traceback for requests coming from a NESSUS scan. Depends on
        NESSUS_SCAN_IPS.
        """
        def filter(self, record):
            request = getattr(record, 'request', None)
            # Parentheses are required for the condition to span two lines.
            if (request and hasattr(request, 'META') and
                    request.META.get('REMOTE_ADDR') in NESSUS_SCAN_IPS):
                return False
            return True
I want to centralize the check and make it more performant. Is there a
better place to enrich the log record than when the filter runs?
    def is_nessus_scan(record):
        """Return True for a scanner request; the result is cached on the record."""
        cached = getattr(record, 'is_nessus_scan', None)
        if cached is None:
            request = getattr(record, 'request', None)
            # bool() so a missing request caches False rather than None.
            cached = bool(request
                          and hasattr(request, 'META')
                          and request.META.get('REMOTE_ADDR') in
                          NESSUS_SCAN_IPS)
            # Store the computed value (not None) so later filters reuse it.
            record.is_nessus_scan = cached
        return cached

    class SkipNessusScanFilter(logging.Filter):
        """
        Avoids a traceback for requests coming from a NESSUS scan. Depends on
        NESSUS_SCAN_IPS.
        """
        def filter(self, record):
            # Returning False drops the record: drop scanner traffic.
            return not is_nessus_scan(record)

    class RequireNessusScanFilter(logging.Filter):
        """
        Diverts nessus logging to another file. Depends on NESSUS_SCAN_IPS.
        """
        def filter(self, record):
            # Pass only scanner traffic to the handler using this filter.
            return is_nessus_scan(record)
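One way to do the enrichment once per record, added here as an example and not part of the original post: a filter attached to the logger (not to a handler) tags the record before any handler sees it, and each handler's filter only reads the flag. The names TagNessusScan, RouteOnScanFlag, FakeRequest, demo and the "demo.request" logger are hypothetical, and the addresses are constructed documentation-range values.

```python
import io
import logging

# Constructed scanner addresses (documentation range), standing in for NESSUS_SCAN_IPS.
NESSUS_SCAN_IPS = frozenset({"192.0.2.10"})


class TagNessusScan(logging.Filter):
    """Logger-level filter: annotates the record once and never drops it."""

    def filter(self, record):
        request = getattr(record, "request", None)
        meta = getattr(request, "META", None) or {}
        record.is_nessus_scan = meta.get("REMOTE_ADDR") in NESSUS_SCAN_IPS
        return True


class RouteOnScanFlag(logging.Filter):
    """Handler-level filter: passes records whose flag equals `want`."""

    def __init__(self, want):
        super().__init__()
        self.want = want

    def filter(self, record):
        return getattr(record, "is_nessus_scan", False) == self.want


class FakeRequest:
    """Constructed stand-in for a Django request; only META is used."""

    def __init__(self, addr):
        self.META = {"REMOTE_ADDR": addr}


def demo():
    """Log one scanner and one ordinary request; return (admin, scanner) output."""
    admin_out, scan_out = io.StringIO(), io.StringIO()
    logger = logging.getLogger("demo.request")  # hypothetical logger name
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.ERROR)
    logger.addFilter(TagNessusScan())  # runs once, before any handler
    for stream, want in ((admin_out, False), (scan_out, True)):
        handler = logging.StreamHandler(stream)
        handler.addFilter(RouteOnScanFlag(want))
        logger.addHandler(handler)
    logger.error("500 from scanner", extra={"request": FakeRequest("192.0.2.10")})
    logger.error("500 from user", extra={"request": FakeRequest("198.51.100.7")})
    return admin_out.getvalue(), scan_out.getvalue()
```

A logger's filters are consulted only for records logged on that logger itself, not for records that propagate up from its child loggers, so the tagging filter has to be attached to the logger that actually emits the record.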