Site icon GetPageSpeed

Nginx: Disable logging of Magento security probes

nginx

nginx

Constantly monitoring error logs is a good idea. It helps to find misconfiguration in your server setup. However, going through logs can be troubled in case your logs are poisoned with unnecessary entries.

Here is one type of unnecessary log entries commonly found with nginx error.log for Magento 1.x websites:

2017/07/16 11:28:05 [error] 22465#22465: *443659 access forbidden by rule, client: 1.1.1.1, server: www.example.com, request: “POST /app/etc/local.xml HTTP/1.1”, host: “www.example.com”

To fix this, you will need to use nginx map directive and conditional logging.

In your nginx.conf put the following inside http { ... } block:

map "$request_method:$request_uri:$remote_addr" $loggable {
    "POST:/app/etc/local.xml:1.1.1.1" 0;
    default 1;    
}

In the directive above, make sure to use your server’s IP address only. We only want to skip logging for Magento internal security check. We’re still interested in logging same type of requests by external IP addresses.

Find your access_log directive and add the if condition to it like so:

access_log /path/to/access.log combined if=$loggable;

What this whole thing does, is logs requests conditionally: a POST request to /app/etc/local.xml made by server itself, will not be logged. Everything else is logged as usual.

Pro tip: if you’re using Varnish, you may also want to disable logging of Varnish backend probes by combing the map directives into one.

Exit mobile version