Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow administrator to disable logging of ping requests #3550

Merged
merged 1 commit into from
Jan 13, 2021
Merged

Allow administrator to disable logging of ping requests #3550

merged 1 commit into from
Jan 13, 2021

Conversation

johanfleury
Copy link
Contributor

@johanfleury johanfleury commented Jan 7, 2021
edited
Loading

Description

Allow administrator to disable logging of ping requests on /api/v1/ping.

This is disabled by default, but can be enabled by setting log.log_ping_requests to true (or the PEERTUBE_LOG_PING_REQUESTS environment variable in Docker).

Related issues

Implements #3544

Has this been tested?

  • 👍 yes, I added tests to the test suite
  • 👍 yes, light tests as follows are enough
  • 💭 no, because this PR is a draft and still needs work
  • 🙅 no, because they aren't needed
  • 🙋 no, because I need help

Not sure how I can implement unit test for that.

@johanfleury johanfleury marked this pull request as draft January 7, 2021 22:00
@johanfleury johanfleury changed the title WIP: feat: allow to not log ping requests feat: allow to not log ping requests Jan 7, 2021
@johanfleury johanfleury force-pushed the feature/allow-not-logging-pings branch from 9978758 to 282a0f3 Compare January 7, 2021 22:05
@johanfleury
Copy link
Contributor Author

johanfleury commented Jan 7, 2021
edited
Loading

Ok, so I’ve opened this PR as a draft because I’m not sure if this is the correct way to do this. It should work, but it feels a bit messy (like what if we add a new path?)

Also, should we let the administrator configure this feature?

@rigelk rigelk changed the title feat: allow to not log ping requests allow to not log ping requests Jan 8, 2021
@kontrollanten
Copy link
Contributor

I think it looks like a good start! If we want to add a new path it can be /api/v1/ping/email and then just check for the beginning of the path to determine.

But maybe some people use the request logging to monitor potential attacks, then I guess this can be a bad solution.

@Chocobozzz
Copy link
Owner

Chocobozzz commented Jan 8, 2021
edited
Loading

Hello,

It should not be the responsibility of the client to decide whether or not to log the request. So please instead of using a query parameter, add a config key below https://github.com/Chocobozzz/PeerTube/blob/develop/config/production.yaml.example#L102 logPingRequest: true

@rigelk
Copy link
Collaborator

rigelk commented Jan 8, 2021

Why not just whitelist the IP emitting the health check?

@johanfleury johanfleury force-pushed the feature/allow-not-logging-pings branch from 282a0f3 to 2075310 Compare January 8, 2021 16:06
@johanfleury johanfleury changed the title allow to not log ping requests Allow administrator to disable logging of ping requests Jan 8, 2021
@johanfleury johanfleury force-pushed the feature/allow-not-logging-pings branch from 2075310 to 8f0458c Compare January 8, 2021 16:19
@johanfleury
Copy link
Contributor Author

@Chocobozzz:

So please instead of using a query parameter, add a config key below https://github.com/Chocobozzz/PeerTube/blob/develop/config/production.yaml.example#L102 logPingRequest: true

I chose to use snake case (i.e. log_ping_requests) instead of camel case to be more consistent with other configuration options.

@kontrollanten:

But maybe some people use the request logging to monitor potential attacks, then I guess this can be a bad solution.

I don’t see how having logs disabled on that specific endpoint allows any attack. I also doubt many PeerTube instance in production are facing the internet directly. Most of them are probably deployed behind a reverse proxy with access logs enabled.

Anyway this is now at the administrator discretion.

@rigelk

Why not just whitelist the IP emitting the health check?

I feel like this would be a bit too much for just disabling logs from this endpoint.

Also, in some environments (e.g. Docker and Kubernetes) the source IP address is dynamic so you would end up allowing a subnet for the whole cluster which would have the same effect as just disabling logging on that endpoint

@johanfleury johanfleury force-pushed the feature/allow-not-logging-pings branch from 8f0458c to a04f698 Compare January 8, 2021 16:41
@johanfleury
Copy link
Contributor Author

johanfleury commented Jan 8, 2021
edited
Loading

The failing test doesn’t seem to be related with my changes.

@johanfleury johanfleury marked this pull request as ready for review January 8, 2021 17:07
@rigelk rigelk linked an issue Jan 9, 2021 that may be closed by this pull request
Allow to not log ping requests #3544
Closed
Chocobozzz
Chocobozzz requested changes Jan 12, 2021
View reviewed changes
config/production.yaml.example Outdated Show resolved Hide resolved
@johanfleury johanfleury force-pushed the feature/allow-not-logging-pings branch from a04f698 to 300f0e4 Compare January 12, 2021 16:06
@Chocobozzz
Copy link
Owner

Thanks @johanfleury

@Chocobozzz Chocobozzz merged commit 12c1e38 into Chocobozzz:develop Jan 13, 2021
@johanfleury johanfleury deleted the feature/allow-not-logging-pings branch July 5, 2021 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Chocobozzz Chocobozzz Awaiting requested review from Chocobozzz

Assignees
No one assigned
Labels
Type: Feature Request ✨ Type: Maintenance 👷‍♀️
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow to not log ping requests
4 participants
@johanfleury @kontrollanten @Chocobozzz @rigelk