Jump to content

Server - Treat security exceptions in Log


anderbytes

Recommended Posts

anderbytes

I did some access to test Emby security and worked OK, as connections should precede a access token given in authentication. That below was made without that token.

 

The problem is: I believe Errors Reports in log should be restricted to software errors... not access denied and such.

So Emby should treat exceptions like that one (and related) with more elegance, not with a error full report.

2016-08-17 08:51:12.3663 Info HttpServer: HTTP GET https://server.domain.com:8920/emby/System/Info. UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
2016-08-17 08:51:12.3748 Error ServiceStackHost: Error occured while Processing Request: Access token is required.
        *** Error Report ***
        Version: 3.0.6060.0
        Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /config -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartpath /usr/lib/emby-server/restart.sh
        Operating system: Unix 3.16.0.0
        Processor count: 4
        64-Bit OS: True
        64-Bit Process: True
        Program data path: /config
        Mono: 4.4.1 (Nightly 4.4.1.0/4747417 Fri Jul  1 11:23:27 UTC 2016)
        Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe
        Access token is required.
        MediaBrowser.Controller.Net.SecurityException
          at MediaBrowser.Server.Implementations.HttpServer.Security.AuthService.ValidateSecurityToken (IServiceRequest request, System.String token) <0x411c92a0 + 0x00107> in <filename unknown>:0
          at MediaBrowser.Server.Implementations.HttpServer.Security.AuthService.ValidateUser (IServiceRequest request, IAuthenticationAttributes authAttribtues) <0x411b62b0 + 0x0007b> in <filename unknown>:0
          at MediaBrowser.Server.Implementations.HttpServer.Security.AuthService.Authenticate (IServiceRequest request, IAuthenticationAttributes authAttribtues) <0x411b6280 + 0x00017> in <filename unknown>:0
          at MediaBrowser.Controller.Net.AuthenticatedAttribute.RequestFilter (IRequest request, IResponse response, System.Object requestDto) <0x411b61e0 + 0x0007a> in <filename unknown>:0
          at ServiceStack.ServiceStackHost.ApplyRequestFiltersSingle (IRequest req, IResponse res, System.Object requestDto) <0x411ac310 + 0x0029e> in <filename unknown>:0
          at ServiceStack.ServiceStackHost.ApplyRequestFilters (IRequest req, IResponse res, System.Object requestDto) <0x411abdc0 + 0x000d5> in <filename unknown>:0
          at ServiceStack.Host.RestHandler+<ProcessRequestAsync>d__13.MoveNext () <0x411a1850 + 0x00595> in <filename unknown>:0

2016-08-17 08:51:12.4289 Info HttpServer: HTTP Response 401 to 164.85.23.108. Time: 63ms. https://server.domain.com:8920/emby/System/Info

This would help avoid bloating log ... especially when we are trying to nail some other bugs and errors

 

What do you think?

Edited by anderbytes
  • Like 1
Link to comment
Share on other sites

Beardyname

Could be good to find out if ppl who should not access your emby instance is trying to! (aka don't remove them)

Link to comment
Share on other sites

anderbytes

My request here is exactly about treating correctly those incidents...

 

So all that error report above (19 lines) would end up being 1 line, such as:

 

 

2016-08-17 08:51:12.3748 Info Security: Access from 199.95.23.62 denied. Missing Access Token.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...