Wil*_*ill 5 cakephp cakephp-2.0
我的CakePHP应用程序的错误日志充满了404错误.我可以将这些MissingControllerExceptions 排除在错误日志中吗?使用Cake 2.3.
简单地重定向或删除这些URL不会削减它.
一个繁忙的网站每天都会遭到数百个"随机"404的攻击,大多数来自远东国家,检查漏洞或URL,例如"/ wp-admin".
使用完整堆栈跟踪记录这些是完全没必要的
您可以覆盖CakePHP中的默认错误处理程序,然后登录app/tmp/logs/404.log.
在您的app/Config/core.php文件中,定义要处理异常的类:
Configure::write('Error', array(
'handler' => 'MyCustomErrorHandler::handleError',
'level' => E_ALL & ~E_DEPRECATED,
'trace' => true
));
在您的文件中创建类app/Lib/Error并包括使用:App::usesapp/Config/bootstrap.php
App::uses('MyCustomErrorHandler', 'Lib/Error');
制作原始ErrorHandler类的精确副本,只需更改类名,并在handleException方法中的某个位置检查正在抛出的异常,并在其他位置记录.看起来有点像这样;
App::uses('ErrorHandler', 'Error');
class MyCustomErrorHandler {
public static function handleException(Exception $exception) {
// some code...
if (in_array(get_class($exception), array('MissingControllerException', 'MissingActionException', 'PrivateActionException', 'NotFoundException'))) {
$log = '404';
$message = sprintf("[%s]", get_class($exception));
}
// more code...
}
}
基于robmcvey的解决方案,以下是我为CakePHP 2.6所做的工作.
在app/Config/core.php更新Exception配置时:
Configure::write('Exception', array(
'handler' => 'AppErrorHandler::handleException',
'renderer' => 'ExceptionRenderer',
'log' => true
));
在app/Config/bootstrap.php添加CakeLog配置:
CakeLog::config('not_found', array(
'engine' => 'FileLog',
'types' => array('404'),
'file' => '404',
));
该type的404是日志记录级别,将窃听任何东西被写入日志,如CakeLog::write('404', 'That was not found.');
创建文件app/Lib/Error/AppErrorHandler.php.在这里,我们将扩展Cake的ErrorHandler,覆盖三种方法; handleException(),_getMessage()和_log().
<?php
class AppErrorHandler extends ErrorHandler {
/**
* List of Cake Exception classes to record to specified log level.
*
* @var array
*/
protected static $_exceptionClasses = array(
'MissingControllerException' => '404',
'MissingActionException' => '404',
'PrivateActionException' => '404',
'NotFoundException' => '404'
);
public static function handleException(Exception $exception) {
$config = Configure::read('Exception');
self::_log($exception, $config);
$renderer = isset($config['renderer']) ? $config['renderer'] : 'ExceptionRenderer';
if ($renderer !== 'ExceptionRenderer') {
list($plugin, $renderer) = pluginSplit($renderer, true);
App::uses($renderer, $plugin . 'Error');
}
try {
$error = new $renderer($exception);
$error->render();
} catch (Exception $e) {
set_error_handler(Configure::read('Error.handler')); // Should be using configured ErrorHandler
Configure::write('Error.trace', false); // trace is useless here since it's internal
$message = sprintf("[%s] %s\n%s", // Keeping same message format
get_class($e),
$e->getMessage(),
$e->getTraceAsString()
);
self::$_bailExceptionRendering = true;
trigger_error($message, E_USER_ERROR);
}
}
/**
* Generates a formatted error message
*
* @param Exception $exception Exception instance
* @return string Formatted message
*/
protected static function _getMessage($exception) {
$message = '';
if (php_sapi_name() !== 'cli') {
$request = Router::getRequest();
if ($request) {
$message .= $request->here() . " Not Found";
}
}
$message .= "\nStack Trace:\n" . $exception->getTraceAsString() . "\n";
return $message;
}
/**
* Handles exception logging
*
* @param Exception $exception The exception to render.
* @param array $config An array of configuration for logging.
* @return bool
*/
protected static function _log(Exception $exception, $config) {
if (!empty(self::$_exceptionClasses)) {
foreach ((array)self::$_exceptionClasses as $class => $level) {
if ($exception instanceof $class) {
return CakeLog::write($level, self::_getMessage($exception));
}
}
}
return parent::_log();
}
}
您可以自定义$_exceptionClasses阵列以捕获所需的异常并将其发送到不同的日志.该_getMessage()方法已简化为删除属性.
随机网址/exploitable-plugin现在会登录到tmp/logs/404.log.
2015-04-01 16:37:54 404: /exploitable-plugin Not Found
Stack Trace:
#0 /var/example.com/app/index.php(146): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#1 {main}
Cake 2.5.6(以上可能)为此目的具有未记录的功能.
只需修改你的异常配置:
Configure::write('Exception', array(
'handler' => 'ErrorHandler::handleException',
'renderer' => 'ExceptionRenderer',
'log' => true,
'skipLog'=>array(
'MissingControllerException'
)
));
skipLog将从日志中排除异常类的名称.