[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Logging of subrequest authorization checks in mod_dav_svn/mod_authz_svn

From: Branko ─îibej <brane_at_wandisco.com>
Date: Fri, 16 Jan 2015 22:45:00 +0100

On 16.01.2015 20:52, C. Michael Pilato wrote:
> On 01/16/2015 02:18 PM, Ivan Zhakov wrote:
>> But I'm not sure that current behavior is the best. I'm thinking to
>> implement the following logic in mod_authz_svn: use different log
>> level whether access denied for subrequest or for primary request (the
>> URL user actually tried to access).
>>
>> Does it make sense?
>>
>> The other open question is which error level use for these 'soft'
>> access denied messages:
>> a) info (Like we do for access granted messages)
>> b) warning
> It makes sense to me to log explicit attempts to hit an unreadable
> resource differently than the somewhat unavoidable implicit attempts.
>
> As for log levels, is there any reason to log the implicit read attempts
> at a level higher than "debug"?

Sounds good; I understand that there will be no equivalent entry in the
access log for these sub-requests, so they're not really interesting to
the admin in normal operations.

> I have no opinion about the log level for the explicit ones.

I believe a request for /private will return a 404 error, same as a
request for a non-existent path. And IIRC these are normally logged at
error level.

-- Brane
Received on 2015-01-16 22:46:16 CET

This is an archived mail posted to the Subversion Dev mailing list.