Re: Logging of subrequest authorization checks in mod_dav_svn/mod_authz_svn
On 16.01.2015 20:52, C. Michael Pilato wrote:
> On 01/16/2015 02:18 PM, Ivan Zhakov wrote:
>> But I'm not sure that current behavior is the best. I'm thinking to
>> implement the following logic in mod_authz_svn: use different log
>> level whether access denied for subrequest or for primary request (the
>> URL user actually tried to access).
>> Does it make sense?
>> The other open question is which error level use for these 'soft'
>> access denied messages:
>> a) info (Like we do for access granted messages)
>> b) warning
> It makes sense to me to log explicit attempts to hit an unreadable
> resource differently than the somewhat unavoidable implicit attempts.
> As for log levels, is there any reason to log the implicit read attempts
> at a level higher than "debug"?
Sounds good; I understand that there will be no equivalent entry in the
access log for these sub-requests, so they're not really interesting to
the admin in normal operations.
> I have no opinion about the log level for the explicit ones.
I believe a request for /private will return a 404 error, same as a
request for a non-existent path. And IIRC these are normally logged at
Received on 2015-01-16 22:46:16 CET
This is an archived mail posted to the Subversion Dev