fbpx

NGINX / Server Setup

Nginx: Disable logging of Magento security probes

by ,


We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

Constantly monitoring error logs is a good idea. It helps to find misconfiguration in your server setup. However, going through logs can be troubled in case your logs are poisoned with unnecessary entries.

Here is one type of unnecessary log entries commonly found with nginx error.log for Magento 1.x websites:

2017/07/16 11:28:05 [error] 22465#22465: *443659 access forbidden by rule, client: 1.1.1.1, server: www.example.com, request: “POST /app/etc/local.xml HTTP/1.1”, host: “www.example.com”

To fix this, you will need to use nginx map directive and conditional logging.

In your nginx.conf put the following inside http { ... } block:

map "$request_method:$request_uri:$remote_addr" $loggable {
    "POST:/app/etc/local.xml:1.1.1.1" 0;
    default 1;    
}

In the directive above, make sure to use your server’s IP address only. We only want to skip logging for Magento internal security check. We’re still interested in logging same type of requests by external IP addresses.

Find your access_log directive and add the if condition to it like so:

access_log /path/to/access.log combined if=$loggable;

What this whole thing does, is logs requests conditionally: a POST request to /app/etc/local.xml made by server itself, will not be logged. Everything else is logged as usual.

Pro tip: if you’re using Varnish, you may also want to disable logging of Varnish backend probes by combing the map directives into one.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.