Code

Ticket #3135: 3135.diff

File 3135.diff, 2.8 KB (added by Simon G. <dev@…>, 7 years ago)
Line 
1Index: settings.txt
2===================================================================
3--- settings.txt        (revision 4391)
4+++ settings.txt        (working copy)
5@@ -197,6 +197,10 @@
6 
7     (('John', 'john@example.com'), ('Mary', 'mary@example.com'))
8 
9+
10+Note that Django will email all of these people when there's an error, see ``Django Error-reporting via Email`` for more information.
11+
12+
13 ALLOWED_INCLUDE_ROOTS
14 ---------------------
15 
16@@ -414,7 +418,7 @@
17 
18 Default: ``('mail.pl', 'mailform.pl', 'mail.cgi', 'mailform.cgi', 'favicon.ico', '.php')``
19 
20-See also ``IGNORABLE_404_STARTS``.
21+See also ``IGNORABLE_404_STARTS`` and ``Django Error-reporting via Email``
22 
23 IGNORABLE_404_STARTS
24 --------------------
25@@ -422,7 +426,8 @@
26 Default: ``('/cgi-bin/', '/_vti_bin', '/_vti_inf')``
27 
28 A tuple of strings that specify beginnings of URLs that should be ignored by
29-the 404 e-mailer. See ``SEND_BROKEN_LINK_EMAILS`` and ``IGNORABLE_404_ENDS``.
30+the 404 e-mailer. See ``SEND_BROKEN_LINK_EMAILS``, ``IGNORABLE_404_ENDS`` and
31+``Django Error-reporting via Email``
32 
33 INSTALLED_APPS
34 --------------
35@@ -631,8 +636,8 @@
36 Whether to send an e-mail to the ``MANAGERS`` each time somebody visits a
37 Django-powered page that is 404ed with a non-empty referer (i.e., a broken
38 link). This is only used if ``CommonMiddleware`` is installed (see the
39-`middleware docs`_). See also ``IGNORABLE_404_STARTS`` and
40-``IGNORABLE_404_ENDS``.
41+`middleware docs`_). See also ``IGNORABLE_404_STARTS``,
42+``IGNORABLE_404_ENDS`` and ``Django Error-reporting via Email``
43 
44 SERVER_EMAIL
45 ------------
46@@ -967,3 +972,21 @@
47 
48 It boils down to this: Use exactly one of either ``configure()`` or
49 ``DJANGO_SETTINGS_MODULE``. Not both, and not neither.
50+
51+
52+Django Error-reporting via Email
53+================================
54+
55+When ``DEBUG`` mode is turned off, Django will email the users listed in the ``ADMIN`` setting whenever a server error occurs. This is most commonly when a resource is not found (404 errors), or when there's been an internal server error (500). This gives the administrators immediate notification of any errors.
56+
57+However, there are certain cases when this is not appropriate. For example, it's quite common to get miscreants doing random scans for vulnerabilities, such as vulnerable versions of ``xmlhttp.php`` or ``PhpMyAdmin``. Since Django is not affected by these, they can be safely ignored.
58+
59+You can tell Django to stop reporting these 404's by adding the page to the  ``IGNORABLE_404_ENDS`` setting:
60+
61+       IGNORABLE_404_ENDS = ('xmlhttp.php')
62+
63+Or, you can ignore it using the start of the request path, by using the ``IGNORABLE_404_STARTS`` setting:
64+
65+       IGNORABLE_404_STARTS = ('/phpmyadmin/')
66+
67+Finally, if you wish to turn off this email reporting completely, just remove all entries from the ``ADMINS`` setting.
68\ No newline at end of file