Uploaded image for project: 'Opencast'
  1. MH-12926

Prevent cluttering of logs by invalid access

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed and reviewed
    • Affects versions: 5.0
    • Fix versions: 5.0
    • Components: Backend Software
    • Labels:
      None
    • Severity:
      Operations
    • Steps to reproduce:
      Hide
      Every invalid access through domains not specifically mapped to an
      organization will be logged in Opencast which makes it easy for an
      external attacker to generate a huge amount of log files.

      In production systems, we have seen that this caused issues with people
      probing for default path's like /phpmyadmin, …

      Since the warning is actually not indicating any issue with
      Opencast–these requests should not be served–this patch downgrades the
      log message to debug.
      Show
      Every invalid access through domains not specifically mapped to an organization will be logged in Opencast which makes it easy for an external attacker to generate a huge amount of log files. In production systems, we have seen that this caused issues with people probing for default path's like /phpmyadmin, … Since the warning is actually not indicating any issue with Opencast–these requests should not be served–this patch downgrades the log message to debug.

      TestRail: Results

        Attachments

          Activity

            People

            • Assignee:
              lkiesow Lars Kiesow
              Reporter:
              lkiesow Lars Kiesow
            • Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                TestRail: Cases