CODEWITHSUNDEEP
phpsymfonylogginghttp-status-code-403debian-buster
brico
brico

Reputation: 61

how to generate a 403 error in the Debian 10 logs from my authentication form with symfony 5.4

I host my web application on Debian 10 using symfony 5.4. Users must authenticate to access my application.

I would like to know if it is possible to generate a 403 error in the Debian logs (/var/log/apache/access.log or elsewhere) in case of bad credentials ?

For the moment, the logs show a 'POST 302' error which does not suit me.

For symfony experts, I use loginFormAuthenticator extends AbstractLoginFormAuthenticator.

I don't know where I should do this. If it's on the server or in my application?

here is what i tried

namespace Symfony\Component\Security\Http\Authenticator;

abstract class AbstractLoginFormAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface, InteractiveAuthenticatorInterface{
...

    
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response{
...

        return new RedirectResponse($url, 403, ['HTTP/1.0 403 Forbidden']);

Thanks for your feedback.

Upvotes: 0

Views: 93

Answers (1)

msg
msg

Reputation: 8171

You cannot redirect with a code, the code is ignored because the redirection itself relies on a code in the 300 range (302 in this case).

If you want to give an error response, you can just throw $exception;, but there will be no redirect.

However, the application log should already contain the authentication failure. It's located in /path/to/app/var/log/prod.log or whatever environment you happen to be running instead of prod.

If you do want to log to the system logs, you can use php error_log function.

Upvotes: 1

Related Questions