Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
django-request-logging
Advanced tools
Plug django-request-logging into your Django project and you will have intuitive and color coded request/response payload logging, for both web requests and API requests. Supports Django 1.8+.
$ pip install django-request-logging
Then add request_logging.middleware.LoggingMiddleware
to your MIDDLEWARE
.
For example:
MIDDLEWARE = (
...,
'request_logging.middleware.LoggingMiddleware',
...,
)
And configure logging in your app:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'console': {
'class': 'logging.StreamHandler',
},
},
'loggers': {
'django.request': {
'handlers': ['console'],
'level': 'DEBUG', # change debug level as appropiate
'propagate': False,
},
},
}
Most of the times you don't have to care about these details. But in case you need to dig deep:
See REQUEST_LOGGING_HTTP_4XX_LOG_LEVEL
setting to override this.
A no_logging
decorator is included for views with sensitive data. This decorator allows control over logging behaviour of single views via the following parameters:
* value
* False: the view does NOT log any activity at all (overrules settings of log_headers, log_body, log_response and automatically sets them to False).
* True: the view logs incoming requests (potentially log headers, body and response, depending on their specific settings)
* None: NO_LOGGING_DEFAULT_VALUE is used (can be defined in settings file as DJANGO_REQUEST_LOGGING_NO_LOGGING_DEFAULT_VALUE)
* msg
* Reason for deactivation of logging gets logged instead of request itself (only if silent=True and value=False)
* NO_LOGGING_MSG is used by default
* log_headers
* False: request headers will not get logged
* True: request headers will get logged (if value is True)
* None: LOG_HEADERS_DEFAULT_VALUE is used (can be defined in settings file as DJANGO_REQUEST_LOGGING_LOG_HEADERS_DEFAULT_VALUE)
* no_header_logging_msg
* Reason for deactivation of header logging gets logged instead of headers (only if silent=True and log_headers=False)
* NO_HEADER_LOGGING_MSG is used by default
* log_body
* False: request body will not get logged
* True: request headers will get logged (if value is True)
* None: LOG_BODY_DEFAULT_VALUE is used (can be defined in settings file as DJANGO_REQUEST_LOGGING_LOG_BODY_DEFAULT_VALUE)
* no_body_logging_msg
* Reason for deactivation of body logging gets logged instead of body (only if silent=True and log_body=False)
* NO_BODY_LOGGING_MSG is used by default
* log_response
* False: response will not get logged
* True: response will get logged (if value is True)
* None: LOG_RESPONSE_DEFAULT_VALUE is used (can be defined in settings file as DJANGO_REQUEST_LOGGING_LOG_RESPONSE_DEFAULT_VALUE)
* no_response_logging_msg
* Reason for deactivation of body logging gets logged instead of body (only if silent=True and log_body=False)
* NO_RESPONSE_LOGGING_MSG is used by default
* silent
* True: deactivate logging of alternative messages case parts of the logging are deactivated (request/header/body/response)
* False: alternative messages for deactivated parts of logging (request/header/body/response) are logged instead
By default, value of Http headers HTTP_AUTHORIZATION
and HTTP_PROXY_AUTHORIZATION
are replaced wih *****
. You can use REQUEST_LOGGING_SENSITIVE_HEADERS
setting to override this default behaviour with your list of sensitive headers.
You can customized some behaves of django-request-logging by following settings in Django settings.py
.
By default, data will log in DEBUG level, you can change to other valid level (Ex. logging.INFO) if need.
It's enabled by default. If you want to log into log file instead of console, you may want to remove ANSI color. You can set REQUEST_LOGGING_ENABLE_COLORIZE=False
to disable colorize.
This legacy setting will still available, but you should't use this setting anymore. You should use REQUEST_LOGGING_ENABLE_COLORIZE
instead.
We keep this settings for backward compatibility.
By default, max length of a request body and a response content is cut to 50000 characters.
By default, HTTP status codes between 400 - 499 are logged at ERROR level. You can set REQUEST_LOGGING_HTTP_4XX_LOG_LEVEL=logging.WARNING
(etc) to override this.
If you set REQUEST_LOGGING_HTTP_4XX_LOG_LEVEL=logging.INFO
they will be logged the same as normal requests.
The value of the headers defined in this settings will be replaced with '*****'
to hide the sensitive information while logging. By default it is set as REQUEST_LOGGING_SENSITIVE_HEADERS = ["HTTP_AUTHORIZATION", "HTTP_PROXY_AUTHORIZATION"]
Name of the logger that is used to log django.request occurrances with the new LoggingMiddleware. Defaults to "django.request".
Global default to activate/deactivate logging of all views. Can be overruled for each individual view by using the @no_logging decator's "value" parameter.
Global default to activate/deactivate logging of request headers for all views. Can be overruled for each individual view by using the @no_logging decator's "log_headers" parameter.
Global default to activate/deactivate logging of request bodys for all views. Can be overruled for each individual view by using the @no_logging decator's "log_body" parameter.
Global default to activate/deactivate logging of responses for all views. Can be overruled for each individual view by using the @no_logging decator's "log_response" parameter.
Use pyenv
to maintain a set of virtualenvs for 2.7 and a couple versions of Python 3.
Make sure the requirements-dev.txt
installs for all of them, at least until we give up on 2.7.
At that point, update this README to let users know the last version they can use with 2.7.
pip install twine pypandoc pbr wheel
pypandoc
complains that pandoc
isn't installed, you can add that via brew
if you have Homebrew installed.pypirc
file in your user root folder that looks like this: index-servers=
testpypi
pypi
[testpypi]
username = rhumbix
password = password for dev@rhumbix.com at Pypi
[pypi]
username = rhumbix
password = password for dev@rhumbix.com at Pypi
request_logging/__init__.py
python setup.py publish
git tag
logic to the publish processFAQs
Django middleware that logs http request body.
We found that django-request-logging demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.