summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorPreston Holmes <preston@ptone.com>2013-05-15 16:14:28 -0700
committerPreston Holmes <preston@ptone.com>2013-05-25 16:27:34 -0700
commitd228c1192ed59ab0114d9eba82ac99df611652d2 (patch)
treee9ae061d032f269bcd3914b50ef200c1fd4a208e /docs
parent36d47f72e300321c4a328a643d489436535d1442 (diff)
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/exceptions.txt21
-rw-r--r--docs/releases/1.6.txt7
-rw-r--r--docs/topics/http/views.txt22
-rw-r--r--docs/topics/logging.txt31
4 files changed, 77 insertions, 4 deletions
diff --git a/docs/ref/exceptions.txt b/docs/ref/exceptions.txt
index f9a1715180..6a5e6f49d5 100644
--- a/docs/ref/exceptions.txt
+++ b/docs/ref/exceptions.txt
@@ -44,9 +44,24 @@ SuspiciousOperation
-------------------
.. exception:: SuspiciousOperation
- The :exc:`SuspiciousOperation` exception is raised when a user has performed
- an operation that should be considered suspicious from a security perspective,
- such as tampering with a session cookie.
+ The :exc:`SuspiciousOperation` exception is raised when a user has
+ performed an operation that should be considered suspicious from a security
+ perspective, such as tampering with a session cookie. Subclasses of
+ SuspiciousOperation include:
+
+ * DisallowedHost
+ * DisallowedModelAdminLookup
+ * DisallowedRedirect
+ * InvalidSessionKey
+ * SuspiciousFileOperation
+ * SuspiciousMultipartForm
+ * SuspiciousSession
+ * WizardViewCookieModified
+
+ If a ``SuspiciousOperation`` exception reaches the WSGI handler level it is
+ logged at the ``Error`` level and results in
+ a :class:`~django.http.HttpResponseBadRequest`. See the :doc:`logging
+ documentation </topics/logging/>` for more information.
PermissionDenied
----------------
diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt
index 35488b4110..825c5dc28d 100644
--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -270,6 +270,13 @@ Minor features
stores active language in session if it is not present there. This
prevents loss of language settings after session flush, e.g. logout.
+* :exc:`~django.core.exceptions.SuspiciousOperation` has been differentiated
+ into a number of subclasses, and each will log to a matching named logger
+ under the ``django.security`` logging hierarchy. Along with this change,
+ a ``handler400`` mechanism and default view are used whenever
+ a ``SuspiciousOperation`` reaches the WSGI handler to return an
+ ``HttpResponseBadRequest``.
+
Backwards incompatible changes in 1.6
=====================================
diff --git a/docs/topics/http/views.txt b/docs/topics/http/views.txt
index 2ccedec2f7..5c27c9c958 100644
--- a/docs/topics/http/views.txt
+++ b/docs/topics/http/views.txt
@@ -231,3 +231,25 @@ same way you can for the 404 and 500 views by specifying a ``handler403`` in
your URLconf::
handler403 = 'mysite.views.my_custom_permission_denied_view'
+
+.. _http_bad_request_view:
+
+The 400 (bad request) view
+--------------------------
+
+When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django,
+the it may be handled by a component of Django (for example resetting the
+session data). If not specifically handled, Django will consider the current
+request a 'bad request' instead of a server error.
+
+The view ``django.views.defaults.bad_request``, is otherwise very similar to
+the ``server_error`` view, but returns with the status code 400 indicating that
+the error condition was the result of a client operation.
+
+Like the ``server_error`` view, the default ``bad_request`` should suffice for
+99% of Web applications, but if you want to override the view, you can specify
+``handler400`` in your URLconf, like so::
+
+ handler400 = 'mysite.views.my_custom_bad_request_view'
+
+``bad_request`` views are also only used when :setting:`DEBUG` is ``False``.
diff --git a/docs/topics/logging.txt b/docs/topics/logging.txt
index a31dc01cc5..a88201ad47 100644
--- a/docs/topics/logging.txt
+++ b/docs/topics/logging.txt
@@ -394,7 +394,7 @@ requirements of logging in Web server environment.
Loggers
-------
-Django provides three built-in loggers.
+Django provides four built-in loggers.
``django``
~~~~~~~~~~
@@ -434,6 +434,35 @@ For performance reasons, SQL logging is only enabled when
``settings.DEBUG`` is set to ``True``, regardless of the logging
level or handlers that are installed.
+``django.security.*``
+~~~~~~~~~~~~~~~~~~~~~~
+
+The security loggers will receive messages on any occurrence of
+:exc:`~django.core.exceptions.SuspiciousOperation`. There is a sub-logger for
+each sub-type of SuspiciousOperation. The level of the log event depends on
+where the exception is handled. Most occurrences are logged as a warning, while
+any ``SuspiciousOperation`` that reaches the WSGI handler will be logged as an
+error. For example, when an HTTP ``Host`` header is included in a request from
+a client that does not match :setting:`ALLOWED_HOSTS`, Django will return a 400
+response, and an error message will be logged to the
+``django.security.DisallowedHost`` logger.
+
+Only the parent ``django.security`` logger is configured by default, and all
+child loggers will propagate to the parent logger. The ``django.security``
+logger is configured the same as the ``django.request`` logger, and any error
+events will be mailed to admins. Requests resulting in a 400 response due to
+a ``SuspiciousOperation`` will not be logged to the ``django.request`` logger,
+but only to the ``django.security`` logger.
+
+To silence a particular type of SuspiciousOperation, you can override that
+specific logger following this example::
+
+ 'loggers': {
+ 'django.security.DisallowedHost': {
+ 'handlers': ['null'],
+ 'propagate': False,
+ },
+
Handlers
--------