Bug #93693
Closed
AuthenticationService Loging
100%
Description
Logging messages from the TYPO3 Core Authentication classes are not always printing out the IP address. Instead, the messages print out the placeholder ###IP###.
Steps to reproduce:
Add the following script to AdditionalConfiguration.php:
// Log messages from the Core Authentication classes to a dedicated file
$GLOBALS['TYPO3_CONF_VARS']['LOG']['TYPO3']['CMS']['Core']['Authentication']['writerConfiguration'] = [
    \TYPO3\CMS\Core\Log\LogLevel::INFO => [
        \TYPO3\CMS\Core\Log\Writer\FileWriter::class => [
            'logFile' => \TYPO3\CMS\Core\Core\Environment::getVarPath() . '/log/typo3_auth.log',
        ],
    ],
];
The messages that are written to the log file are not always provided with an IP address.
For example, for usernames that are available but where the password does not match, the following message is written to the log:
[INFO] request = "22b7434b00a76" component = "TYPO3.CMS.Core.Authentication.AuthenticationService": Login attempt from ###IP###, username 'xxxxxxx' , password not accepted!
The placeholder ###IP### is printed in the message, but not the IP address itself.
Many other messages are also only printed with the placeholder ###IP### instead of the IP address.
Updated by Markus Klein almost 4 years ago
This is actually on purpose.
The same log message is written to the sys_log table where the IP is a dedicated DB field.
This is done to have the possibility to perform GDPR related operations on the IPs.
Updated by Torben Hansen almost 4 years ago
Not being able to log the IP address of failed logins to dedicated logfiles makes it impossible to e.g. use fail2ban to block such requests efficiently. Since the mentioned logging would only be created on purpose when the site admin configures it, I see the responsibility on the admin's side to take care of GDPR requirements.
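The effect on log-based blocking discussed in the comments above, as an added example (not TYPO3 or fail2ban code): a fail2ban-style failure counter run over lines shaped like the message quoted in the description. Only the first sample line comes from the report; the lines with an address in place of ###IP###, the other request ids and the max_retry threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

PLACEHOLDER = "###IP###"
COMPONENT = "TYPO3.CMS.Core.Authentication.AuthenticationService"

def _line(request_id, source):
    # Constructed log line in the shape of the message quoted in the report.
    return ('[INFO] request = "%s" component = "%s": Login attempt from %s, '
            "username 'xxxxxxx' , password not accepted!"
            % (request_id, COMPONENT, source))

# Constructed sample: only the first line is the one from the report; the
# addresses (documentation ranges) and other request ids are assumptions.
SAMPLE_LOG = "\n".join([
    _line("22b7434b00a76", PLACEHOLDER),
    _line("a000000000001", "203.0.113.7"),
    _line("a000000000002", "203.0.113.7"),
    _line("a000000000003", "198.51.100.9"),
    _line("a000000000004", "203.0.113.7"),
])

# Anchored on the component prefix so that text inside the username field
# cannot be mistaken for the source position.
FAILED_LOGIN = re.compile(
    r'component = "TYPO3\.CMS\.Core\.Authentication\.\w+": '
    r"Login attempt from (?P<source>\S+?), username .*password not accepted!$"
)

def scan(log_text, max_retry=3):
    """Return (addresses with >= max_retry failures, lines with no usable IP)."""
    failures, unresolved = Counter(), 0
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        try:
            failures[str(ipaddress.ip_address(match.group("source")))] += 1
        except ValueError:
            # ###IP### (or anything else that is not an address): nothing to ban.
            unresolved += 1
    offenders = sorted(ip for ip, count in failures.items() if count >= max_retry)
    return offenders, unresolved

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A non-zero second value means failed logins were recorded that a log-based blocker has no address to act on.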
Updated by Gerrit Code Review almost 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68304
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68320
Updated by Markus Klein almost 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset dc5401179713b0c8248277f772770b2fc66ba801.
Updated by Markus Klein almost 4 years ago
- Related to Bug #93943: AuthenticationService Loging added
Updated by Gerrit Code Review almost 4 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68801
Updated by Gerrit Code Review almost 4 years ago
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/68801
Updated by Markus Klein almost 4 years ago
- Status changed from Under Review to Resolved
Applied in changeset 9b651087b57a050ad2c9da2e1cfb7947ea6446f3.
Updated by Benni Mack almost 4 years ago
- Status changed from Resolved to Closed