id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25017	settings.DISALLOWED_USER_AGENTS should raise PermissionDenied	François Schiettecatte	Sujay S Kumar	"The check against settings.DISALLOWED_USER_AGENTS should throw a PermissionDenied exception as opposed to returning an HttpResponseForbidden() so that handler403 is invoked.

Code touched would be:

https://github.com/django/django/blob/master/django/middleware/common.py#L10
{{{
from django.core.exceptions import PermissionDenied
}}}

https://github.com/django/django/blob/master/django/middleware/common.py#L47-56
{{{
if 'HTTP_USER_AGENT' in request.META:
    for user_agent_regex in settings.DISALLOWED_USER_AGENTS:
        if user_agent_regex.search(request.META['HTTP_USER_AGENT']):
            logger.warning('Forbidden (User agent): %s', request.path,
                extra={
                    'status_code': 403,
                    'request': request
                }
            )
            raise PermissionDenied
}}}

https://github.com/django/django/blob/master/tests/middleware/tests.py#L254-261
{{{
@override_settings(DISALLOWED_USER_AGENTS=[re.compile(r'foo')])
def test_disallowed_user_agents(self):
    with patch_logger('django.request', 'warning') as log_messages:
        request = self.rf.get('/slash')
        request.META['HTTP_USER_AGENT'] = 'foo'
        with self.assertRaises(self, PermissionDenied):
            CommonMiddleware().process_request(request)
            self.assertEqual(log_messages, ['Forbidden (User agent): /slash'])
}}}"	Cleanup/optimization	closed	Core (Other)	1.8	Normal	fixed	DISALLOWED_USER_AGENTS, PermissionDenied		Accepted	1	0	0	1	0	0