Bug 64731

Summary: change log message for authorization checks in mod_authz_host
Product: Apache httpd-2
Reporter: Bingyu Shen <byshen>
Component: mod_authz_host
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW
Severity: normal
Keywords: PatchAvailable
Priority: P2
Version: 2.5-HEAD
Target Milestone: ---
Hardware: PC
OS: All
Attachments: Improve log message for mod_authz_host authorization checks

Description Bingyu Shen 2020-09-09 19:34:40 UTC
Created attachment 37446
Improve log message for mod_authz_host authorization checks

mod_authz_host has several authorization checks, which contain four authorization checks for the client's address, with functions:
ip_check_authorization()
host_check_authorization()
forward_dns_check_authorization()
local_check_authorization()

These functions only have log messages for syntax checks, but do not log the authorization check result even when the authorization check fails. The authorization result will be logged at DEBUG level, which is usually disabled.

I would suggest adding log messages when the authorization check fails, which pinpoints the root cause of the authorization failure and saves sysadmins' time when troubleshooting. For example:

@@ -287,6 +294,9 @@ forward_dns_check_authorization(request_rec *r,
         }
     }

+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+            "authz_host authorize: Authorization of require forward-dns failed: "
+            "client's address is not resolved from the require'd host name");
     return AUTHZ_DENIED;
 }
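
Review bot: The added ap_log_rerror() call logs at APLOG_ERR immediately before "return AUTHZ_DENIED", so every request that this one forward-dns provider does not match produces an error-level entry, even when the provider is only one alternative among several Require directives (for example inside RequireAny) and the request is ultimately granted by another one. Consider a lower level such as APLOG_INFO, or logging only where the final authorization result is known. The message is also static: it names neither the client address nor the host names that were checked, so the entry does not tell the sysadmin which client or which Require directive was involved; passing both as format arguments would make it actionable.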

Adding the log before return AUTHZ_DENIED can clearly tell the sysadmin the root cause of the authorization failure.

I also added the logs for the ip/host/local checks, and submitted them as an attachment. Any feedback is appreciated!